VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (5,455)

page 88 of 273
  • CVE-2024-4266MedJun 11, 2024
    risk 0.35cvss 5.3epss 0.01

    The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.

  • CVE-2024-5483MedJun 5, 2024
    risk 0.35cvss 5.3epss 0.06

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails

  • CVE-2024-3870MedMay 2, 2024
    risk 0.35cvss 5.3epss 0.01

    The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.

  • CVE-2024-33575MedApr 29, 2024
    risk 0.35cvss 5.3epss 0.05

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.

  • CVE-2024-32506MedApr 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.

  • CVE-2024-2966MedApr 11, 2024
    risk 0.35cvss 5.3epss 0.01

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details.

  • CVE-2024-2093MedApr 9, 2024
    risk 0.35cvss 6.5epss 0.01

    The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.

  • CVE-2023-6777MedApr 9, 2024
    risk 0.35cvss 5.3epss 0.03

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.

  • CVE-2023-5692MedApr 5, 2024
    risk 0.35cvss 5.3epss 0.01

    WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

  • CVE-2024-2106MedMar 13, 2024
    risk 0.35cvss 5.3epss 0.02

    The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks.

  • CVE-2023-51406MedJan 8, 2024
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.

  • CVE-2023-51688MedDec 29, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

  • CVE-2023-51687MedDec 29, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6.

  • CVE-2023-28421MedDec 21, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10.

  • CVE-2023-49762MedDec 21, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite – Create an app with the Best Mobile App Builder.This issue affects AppMySite – Create an app with the Best Mobile App Builder: from n/a through 3.11.0.

  • CVE-2023-44982MedDec 19, 2023
    risk 0.35cvss 5.3epss 0.13

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.

  • CVE-2023-41735MedNov 30, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.

  • CVE-2023-40662MedNov 30, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.

  • CVE-2023-37972MedNov 30, 2023
    risk 0.35cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.

  • CVE-2023-47529MedNov 23, 2023
    risk 0.35cvss 5.3epss 0.03

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.