CWE-201
Insertion of Sensitive Information Into Sent Data
BaseDraft
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623
CVEs mapped to this weakness (171)
page 7 of 9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62109 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through <= 8.9.4. | |
| CVE-2025-62979 | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4. | |
| CVE-2025-62895 | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1. | |
| CVE-2025-11025 | Med | 0.34 | 5.3 | 0.00 | Sep 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0. | |
| CVE-2025-60140 | Med | 0.34 | 5.3 | 0.00 | Sep 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.3. | |
| CVE-2025-60125 | Med | 0.34 | 5.3 | 0.00 | Sep 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6. | |
| CVE-2025-57923 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation uk-address-postcode-validation allows Retrieve Embedded Sensitive Data.This issue affects UK Address Postcode Validation: from n/a through <= 3.9.2. | |
| CVE-2025-57922 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce coordinadora allows Retrieve Embedded Sensitive Data.This issue affects Envíos Coordinadora Woocommerce: from n/a through <= 1.1.32. | |
| CVE-2025-48361 | Med | 0.34 | 5.3 | 0.00 | Aug 28, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Retrieve Embedded Sensitive Data.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5. | |
| CVE-2025-53322 | Med | 0.34 | 5.3 | 0.00 | Jun 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 accept-authorize-net-payments-using-contact-form-7 allows Retrieve Embedded Sensitive Data.This issue affects Accept Authorize.NET Payments Using Contact Form 7: from n/a through <= 2.5. | |
| CVE-2025-53309 | Med | 0.34 | 5.3 | 0.00 | Jun 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Stripe Payments Using Contact Form 7 accept-stripe-payments-using-contact-form-7 allows Retrieve Embedded Sensitive Data.This issue affects Accept Stripe Payments Using Contact Form 7: from n/a through <= 3.0. | |
| CVE-2025-49294 | Med | 0.34 | 5.3 | 0.00 | Jun 6, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through <= 2.6.8.2. | |
| CVE-2025-5733 | Med | 0.34 | 5.3 | 0.00 | Jun 6, 2025 | The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |
| CVE-2025-39498 | Med | 0.34 | 5.3 | 0.00 | May 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through 1.7.1. | |
| CVE-2025-31842 | Med | 0.34 | 5.3 | 0.01 | Apr 1, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0. | |
| CVE-2025-30609 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3. | |
| CVE-2025-22303 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | |
| CVE-2024-34812 | Med | 0.34 | 5.3 | 0.00 | May 14, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8. | |
| CVE-2024-34556 | Med | 0.34 | 5.3 | 0.00 | May 14, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.4. | |
| CVE-2025-62308 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions |