VYPR

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

BaseIncomplete

Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-170 · CAPEC-694

CVEs mapped to this weakness (213)

page 5 of 11
  • CVE-2026-42644MedApr 29, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through <= 4.3.10.

  • CVE-2026-39686MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.

  • CVE-2026-39571MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.

  • CVE-2026-39536MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.

  • CVE-2026-39516MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.

  • CVE-2026-33617MedApr 2, 2026
    risk 0.34cvss 5.3epss 0.00

    An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.

  • CVE-2026-32405MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.

  • CVE-2026-32372MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder…

  • CVE-2026-3075MedFeb 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251121.

  • CVE-2026-25389MedFeb 19, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.

  • CVE-2026-25325MedFeb 19, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a…

  • CVE-2026-25023MedFeb 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with…

  • CVE-2026-24998MedFeb 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.

  • CVE-2026-24593MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.

  • CVE-2026-24536MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.

  • CVE-2026-24523MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.

  • CVE-2026-0853MedJan 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information.

  • CVE-2025-31051MedJan 7, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through…

  • CVE-2025-62114MedDec 31, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1.

  • CVE-2025-68988MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0.