CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
BaseIncomplete
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (184)
page 5 of 10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25325 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8. | |
| CVE-2026-25023 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7. | |
| CVE-2026-24998 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | |
| CVE-2026-24593 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | |
| CVE-2026-24536 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | |
| CVE-2026-24523 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | |
| CVE-2026-0853 | Med | 0.34 | 5.3 | 0.00 | Jan 12, 2026 | Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information. | |
| CVE-2025-31051 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. | |
| CVE-2025-62114 | Med | 0.34 | 5.3 | 0.00 | Dec 31, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1. | |
| CVE-2025-68988 | Med | 0.34 | 5.3 | 0.00 | Dec 30, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0. | |
| CVE-2025-68606 | Med | 0.34 | 5.3 | 0.00 | Dec 24, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | |
| CVE-2025-68494 | Med | 0.34 | 5.3 | 0.00 | Dec 24, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53. | |
| CVE-2025-67567 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11. | |
| CVE-2025-67565 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1. | |
| CVE-2025-67564 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1. | |
| CVE-2025-63009 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2. | |
| CVE-2025-62737 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2. | |
| CVE-2025-62735 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1. | |
| CVE-2025-66059 | Med | 0.34 | 5.3 | 0.00 | Nov 21, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | |
| CVE-2025-13160 | Med | 0.34 | 5.3 | 0.00 | Nov 14, 2025 | IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. |