CWE-201
Insertion of Sensitive Information Into Sent Data
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623
CVEs mapped to this weakness (240)
page 2 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68035 | Hig | 0.49 | 7.5 | 0.00 | Jan 22, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4. | ||
| CVE-2025-67931 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9. | ||
| CVE-2025-68033 | Hig | 0.49 | 7.5 | 0.00 | Jan 5, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0. | ||
| CVE-2025-66116 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3. | ||
| CVE-2025-64218 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19. | ||
| CVE-2025-64213 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||
| CVE-2025-13295 | Hig | 0.49 | 7.5 | 0.00 | Dec 2, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9. | ||
| CVE-2025-62039 | Hig | 0.49 | 7.5 | 0.01 | Nov 6, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through… | ||
| CVE-2025-60188 | Hig | 0.49 | 7.5 | 0.01 | Nov 6, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1. | ||
| CVE-2025-59579 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7. | ||
| CVE-2025-59010 | Hig | 0.49 | 7.5 | 0.00 | Sep 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through <= 2.5.1.3. | ||
| CVE-2025-55715 | Hig | 0.49 | 7.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data.This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0. | ||
| CVE-2025-48261 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22. | ||
| CVE-2025-48331 | Hig | 0.49 | 7.5 | 0.00 | May 30, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-customers-exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.0. | ||
| CVE-2025-47541 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7. | ||
| CVE-2025-32635 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1.2.6. | ||
| CVE-2025-32594 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-wp-events allows Retrieve Embedded Sensitive Data.This issue affects Simple WP Events: from n/a through <= 1.8.17. | ||
| CVE-2024-7872 | Hig | 0.49 | 7.6 | 0.00 | Mar 6, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933. | ||
| CVE-2025-23781 | Hig | 0.49 | 7.5 | 0.01 | Jan 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Web Mumbai WM Options Import Export wm-options-import-export allows Retrieve Embedded Sensitive Data.This issue affects WM Options Import Export: from n/a through <= 1.0.1. | ||
| CVE-2025-23774 | Hig | 0.49 | 7.5 | 0.00 | Jan 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Niket Joshi WPDB to Sql wpdb-to-sql allows Retrieve Embedded Sensitive Data.This issue affects WPDB to Sql: from n/a through <= 1.2. |
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9.
- risk 0.49cvss 7.5epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through…
- risk 0.49cvss 7.5epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through <= 2.5.1.3.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data.This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-customers-exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.0.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1.2.6.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-wp-events allows Retrieve Embedded Sensitive Data.This issue affects Simple WP Events: from n/a through <= 1.8.17.
- risk 0.49cvss 7.6epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.
- risk 0.49cvss 7.5epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in Web Mumbai WM Options Import Export wm-options-import-export allows Retrieve Embedded Sensitive Data.This issue affects WM Options Import Export: from n/a through <= 1.0.1.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Niket Joshi WPDB to Sql wpdb-to-sql allows Retrieve Embedded Sensitive Data.This issue affects WPDB to Sql: from n/a through <= 1.2.