This vulnerability (CVE-2026-52692) in wp.insider Affiliates Manager versions up to 2.9.50 allows unauthenticated attackers to cause sensitive data to be exposed by insertion into sent data streams. The weakness corresponds to CWE-201, which involves insertion of sensitive information into data that is transmitted, potentially leading to unauthorized disclosure. The CVSS 3.1 base score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact. No vendor advisory or patch information is currently available, and the product is not a cloud service.

An unauthenticated attacker can exploit this vulnerability to gain access to sensitive information that should not be exposed, potentially compromising confidentiality. There is no impact on integrity or availability reported. The vulnerability affects all users of Affiliates Manager up to version 2.9.50 who have not applied a fix, increasing risk of data leakage.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is currently documented, users should monitor vendor communications for updates. Until a patch is available, consider restricting access to the affected plugin or disabling it if feasible to reduce exposure.