VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

BaseDraft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 7 of 12
  • CVE-2024-43264MedAug 26, 2024
    risk 0.35cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through <= 1.9.8.

  • CVE-2024-43259MedAug 26, 2024
    risk 0.35cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce.This issue affects Order Export for WooCommerce: from n/a through <= 3.23.

  • CVE-2024-43230MedAug 26, 2024
    risk 0.35cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.28.

  • CVE-2026-35447MedJun 2, 2026
    risk 0.34cvss epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the…

  • CVE-2026-45215MedMay 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through <= 4.3.0.

  • CVE-2026-39711MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.

  • CVE-2026-39709MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4.

  • CVE-2026-39586MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.

  • CVE-2026-39570MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.

  • CVE-2026-39564MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.

  • CVE-2026-39542MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.

  • CVE-2026-39473MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.

  • CVE-2026-32354MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.

  • CVE-2026-24992MedFeb 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from…

  • CVE-2026-24589MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.

  • CVE-2026-24559MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.

  • CVE-2026-24557MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.

  • CVE-2025-63019MedJan 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <=…

  • CVE-2026-22539MedJan 7, 2026
    risk 0.34cvss epss 0.00

    As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.

  • CVE-2025-59136MedDec 31, 2025
    risk 0.34cvss 5.3epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a through <= 3.1.3.