CWE-201
Insertion of Sensitive Information Into Sent Data
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623
CVEs mapped to this weakness (240)
page 5 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53998 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20. | ||
| CVE-2025-53993 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15. | ||
| CVE-2025-53992 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1. | ||
| CVE-2025-53988 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | ||
| CVE-2025-53987 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1. | ||
| CVE-2025-53985 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. | ||
| CVE-2025-53983 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | ||
| CVE-2025-53196 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0. | ||
| CVE-2025-54685 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data.This issue affects SureDash: from n/a through <= 1.1.0. | ||
| CVE-2025-27001 | Med | 0.42 | 6.5 | 0.00 | Mar 28, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for… | ||
| CVE-2025-24567 | Med | 0.42 | 6.5 | 0.00 | Feb 14, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | ||
| CVE-2025-24639 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Greys Korea for WooCommerce korea-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Korea for WooCommerce: from n/a through <= 1.1.11. | ||
| CVE-2025-24597 | Med | 0.42 | 6.5 | 0.00 | Jan 31, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Retrieve Embedded Sensitive Data.This issue affects Barcode Generator for WooCommerce:… | ||
| CVE-2024-54309 | Med | 0.42 | 6.5 | 0.01 | Dec 13, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox postbox-email-logs allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through <= 1.0.4. | ||
| CVE-2024-6586 | Hig | 0.42 | 7.3 | 0.02 | Aug 30, 2024 | Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST… | ||
| CVE-2016-10518 | Hig | 0.42 | 7.5 | 0.02 | May 31, 2018 | A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly… | ||
| CVE-2026-10101 | Med | 0.41 | 6.3 | 0.00 | May 29, 2026 | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover… | ||
| CVE-2025-68029 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3. | ||
| CVE-2026-1777 | Hig | 0.40 | 7.2 | 0.00 | Feb 2, 2026 | The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training… | ||
| CVE-2026-47717 | hig | 0.38 | — | 0.00 | May 27, 2026 | ### Summary The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. ### Details File: `server/api/projects/index.js` ```javascript prjApp.get("/api/project", secureFnc, function(req, res) { … |
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data.This issue affects SureDash: from n/a through <= 1.1.0.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for…
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Greys Korea for WooCommerce korea-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Korea for WooCommerce: from n/a through <= 1.1.11.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Retrieve Embedded Sensitive Data.This issue affects Barcode Generator for WooCommerce:…
- risk 0.42cvss 6.5epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox postbox-email-logs allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through <= 1.0.4.
- risk 0.42cvss 7.3epss 0.02
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST…
- risk 0.42cvss 7.5epss 0.02
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly…
- risk 0.41cvss 6.3epss 0.00
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover…
- risk 0.41cvss 6.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3.
- risk 0.40cvss 7.2epss 0.00
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training…
- risk 0.38cvss —epss 0.00
### Summary The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. ### Details File: `server/api/projects/index.js` ```javascript prjApp.get("/api/project", secureFnc, function(req, res) { …