VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

Base · Draft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 4 of 12
  • CVE-2026-42384 · High · Jun 15, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

  • CVE-2026-49064 · High · Jun 15, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.

  • CVE-2026-44487 · High · Jun 11, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an…

  • CVE-2026-42539 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

  • CVE-2026-48877 · Medium · May 27, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.

  • CVE-2026-4525 · High · Apr 17, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

  • CVE-2026-4927 · Medium · Apr 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users' OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11.

  • CVE-2026-34226 · High · Mar 27, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used.…

  • CVE-2026-25339 · Medium · Mar 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data. This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7.

  • CVE-2026-23546 · Medium · Mar 5, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data. This issue affects Classified Listing: from n/a through <= 5.3.4.

  • CVE-2026-28131 · Medium · Feb 26, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data. This issue affects Elementor Addon Elements: from n/a through <= 1.14.4.

  • CVE-2025-68006 · Medium · Jan 22, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data. This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.

  • CVE-2025-68014 · Medium · Jan 5, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data. This issue affects AweBooking: from n/a through <= 3.2.26.

  • CVE-2025-68040 · Medium · Dec 30, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 3.0.1.

  • CVE-2025-64295 · Medium · Dec 18, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.

  • CVE-2025-62038 · Medium · Nov 6, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data. This issue affects MeetingHub: from n/a through <= 1.23.9.

  • CVE-2025-5519 · Medium · Sep 16, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.6.

  • CVE-2025-58872 · Medium · Sep 5, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data. This issue affects Simple Price Calculator: from n/a through <= 1.3.

  • CVE-2025-41415 · Medium · Aug 21, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.

  • CVE-2025-54008 · Medium · Aug 20, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through <= 3.6.7.