AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-62998: Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sen

mediumvulnerability

security

Source: NVD/CVE DatabaseDecember 18, 2025CVE-2025-62998

Summary

CVE-2025-62998 is a vulnerability in WP AI CoPilot (a WordPress plugin that adds AI features) versions 1.2.7 and earlier, where sensitive information can be unintentionally included in data sent from the plugin. This is classified as CWE-201 (insertion of sensitive information into sent data), meaning the plugin may leak private or confidential data to unintended recipients.

Vulnerability Details

CVSS Score

5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

PII Leakage

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-201

Affected Vendors

Related Issues

medium

CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure

Similar attackNVD/CVE Database

high

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

First tracked: February 15, 2026 at 08:51 PM

Classified by LLM (prompt v3) · confidence: 75%