CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (213)
page 5 of 11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42644 | Med | 0.34 | 5.3 | 0.00 | Apr 29, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through <= 4.3.10. | ||
| CVE-2026-39686 | Med | 0.34 | 5.3 | 0.00 | Apr 8, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2. | ||
| CVE-2026-39571 | Med | 0.34 | 5.3 | 0.00 | Apr 8, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30. | ||
| CVE-2026-39536 | Med | 0.34 | 5.3 | 0.00 | Apr 8, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16. | ||
| CVE-2026-39516 | Med | 0.34 | 5.3 | 0.00 | Apr 8, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0. | ||
| CVE-2026-33617 | Med | 0.34 | 5.3 | 0.00 | Apr 2, 2026 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials. | ||
| CVE-2026-32405 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||
| CVE-2026-32372 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder… | ||
| CVE-2026-3075 | Med | 0.34 | 5.3 | 0.00 | Feb 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251121. | ||
| CVE-2026-25389 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||
| CVE-2026-25325 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a… | ||
| CVE-2026-25023 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with… | ||
| CVE-2026-24998 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | ||
| CVE-2026-24593 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | ||
| CVE-2026-24536 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | ||
| CVE-2026-24523 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | ||
| CVE-2026-0853 | Med | 0.34 | 5.3 | 0.00 | Jan 12, 2026 | Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information. | ||
| CVE-2025-31051 | — | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through… | |
| CVE-2025-62114 | Med | 0.34 | 5.3 | 0.00 | Dec 31, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1. | ||
| CVE-2025-68988 | Med | 0.34 | 5.3 | 0.00 | Dec 30, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0. |
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through <= 4.3.10.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
- risk 0.34cvss 5.3epss 0.00
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251121.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.
- risk 0.34cvss 5.3epss 0.00
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0.