CWE-201
Insertion of Sensitive Information Into Sent Data
Base · Draft
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623
CVEs mapped to this weakness (171)
Page 8 of 9

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62305 | Med | 0.33 | 5.1 | 0.00 |  | May 14, 2026 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions. |
| CVE-2025-68516 | Med | 0.33 | 5.0 | 0.00 |  | Dec 24, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data. This issue affects Tablesome: from n/a through <= 1.1.35.1. |
| CVE-2025-62998 | Med | 0.33 | 5.0 | 0.00 |  | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through <= 1.2.7. |
| CVE-2025-62947 | Med | 0.33 | 5.0 | 0.00 |  | Oct 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data. This issue affects Publitio: from n/a through <= 2.2.5. |
| CVE-2025-31978 | Med | 0.30 | 4.6 | 0.00 |  | May 6, 2026 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content. |
| CVE-2026-5512 | Med | 0.28 | 4.3 | 0.00 |  | Apr 21, 2026 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program. |
| CVE-2026-25008 | Med | 0.28 | 4.3 | 0.00 |  | Feb 19, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data. This issue affects Ninja Tables: from n/a through <= 5.2.5. |
| CVE-2025-68989 | Med | 0.28 | 4.3 | 0.00 |  | Dec 30, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data. This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68. |
| CVE-2025-63007 | Med | 0.28 | 4.3 | 0.00 |  | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data. This issue affects EventPrime: from n/a through <= 4.2.4.1. |
| CVE-2025-62994 | Med | 0.28 | 4.3 | 0.00 |  | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through <= 1.2.7. |
| CVE-2025-64351 | Med | 0.28 | 4.3 | 0.00 |  | Oct 31, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data. This issue affects Rank Math SEO: from n/a through <= 1.0.252.1. |
| CVE-2025-62026 | Med | 0.28 | 4.3 | 0.00 |  | Oct 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data. This issue affects Blockspare: from n/a through <= 3.2.13.2. |
| CVE-2025-60095 | Med | 0.28 | 4.3 | 0.00 |  | Sep 26, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through <= 3.18.1. |
| CVE-2025-58246 | Med | 0.28 | 4.3 | 0.00 |  | Sep 23, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30. |
| CVE-2025-58649 | Med | 0.28 | 4.3 | 0.00 |  | Sep 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1. |
| CVE-2025-58252 | Med | 0.28 | 4.3 | 0.00 |  | Sep 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through <= 2.1.2. |
| CVE-2025-58249 | Med | 0.28 | 4.3 | 0.00 |  | Sep 22, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through <= 1.8.14. |
| CVE-2025-44017 | Med | 0.28 | 4.3 | 0.00 |  | Sep 2, 2025 | "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token). |
| CVE-2025-55710 | Med | 0.28 | 4.3 | 0.00 |  | Aug 14, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2. |
| CVE-2024-8429 | Med | 0.28 | 4.3 | 0.00 |  | Dec 17, 2024 | Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. |