CWE-201
Insertion of Sensitive Information Into Sent Data
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623
CVEs mapped to this weakness (240)
page 9 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31842 | Med | 0.34 | 5.3 | 0.00 | Apr 1, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0. | ||
| CVE-2025-30609 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3. | ||
| CVE-2025-22303 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | ||
| CVE-2024-34812 | Med | 0.34 | 5.3 | 0.01 | May 14, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8. | ||
| CVE-2024-34556 | Med | 0.34 | 5.3 | 0.01 | May 14, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager:… | ||
| CVE-2025-62308 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under… | ||
| CVE-2025-62305 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions. | ||
| CVE-2025-68516 | Med | 0.33 | 5.0 | 0.00 | Dec 24, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||
| CVE-2025-62998 | Med | 0.33 | 5.0 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7. | ||
| CVE-2025-62947 | Med | 0.33 | 5.0 | 0.00 | Oct 27, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5. | ||
| CVE-2017-16026 | — | Med | 0.32 | 5.9 | 0.03 | Jun 4, 2018 | Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0. | |
| CVE-2026-41181 | Med | 0.31 | 5.8 | 0.00 | May 15, 2026 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the… | ||
| CVE-2025-31978 | Med | 0.30 | 4.6 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other… | ||
| CVE-2026-42042 | Med | 0.28 | 5.4 | 0.00 | Apr 24, 2026 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is… | ||
| CVE-2026-5512 | Med | 0.28 | 4.3 | 0.00 | Apr 21, 2026 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and… | ||
| CVE-2026-25008 | Med | 0.28 | 4.3 | 0.00 | Feb 19, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5. | ||
| CVE-2025-68989 | Med | 0.28 | 4.3 | 0.00 | Dec 30, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68. | ||
| CVE-2025-63007 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||
| CVE-2025-62994 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7. | ||
| CVE-2025-64351 | Med | 0.28 | 4.3 | 0.00 | Oct 31, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1. |
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
- risk 0.34cvss 5.3epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8.
- risk 0.34cvss 5.3epss 0.01
Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager:…
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under…
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
- risk 0.33cvss 5.0epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.
- risk 0.33cvss 5.0epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
- risk 0.33cvss 5.0epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5.
- risk 0.32cvss 5.9epss 0.03
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
- risk 0.31cvss 5.8epss 0.00
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the…
- risk 0.30cvss 4.6epss 0.00
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other…
- risk 0.28cvss 5.4epss 0.00
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is…
- risk 0.28cvss 4.3epss 0.00
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and…
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68.
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.