CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (213)
page 6 of 11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68606 | Med | 0.34 | 5.3 | 0.00 | Dec 24, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | ||
| CVE-2025-68494 | Med | 0.34 | 5.3 | 0.00 | Dec 24, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53. | ||
| CVE-2025-67567 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11. | ||
| CVE-2025-67565 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1. | ||
| CVE-2025-67564 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a… | ||
| CVE-2025-63009 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2. | ||
| CVE-2025-62737 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2. | ||
| CVE-2025-62735 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1. | ||
| CVE-2025-66059 | Med | 0.34 | 5.3 | 0.00 | Nov 21, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||
| CVE-2025-13160 | Med | 0.34 | 5.3 | 0.00 | Nov 14, 2025 | IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. | ||
| CVE-2025-62902 | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8. | ||
| CVE-2025-60119 | Med | 0.34 | 5.3 | 0.00 | Sep 26, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through <= 3.3.11. | ||
| CVE-2025-60092 | Med | 0.34 | 5.3 | 0.00 | Sep 26, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.25. | ||
| CVE-2025-59582 | Med | 0.34 | 5.3 | 0.01 | Sep 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data.This issue affects Ajax Load More: from n/a through <= 7.6.0.2. | ||
| CVE-2025-58015 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data.This issue affects Quiz Maker: from n/a through <= 6.7.0.65. | ||
| CVE-2025-58797 | Med | 0.34 | 5.3 | 0.00 | Sep 5, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts ninja-charts allows Retrieve Embedded Sensitive Data.This issue affects Ninja Charts: from n/a through <= 3.3.5. | ||
| CVE-2025-57888 | Med | 0.34 | 5.3 | 0.00 | Aug 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster noo-jobmonster allows Retrieve Embedded Sensitive Data.This issue affects Jobmonster: from n/a through <= 4.8.0. | ||
| CVE-2025-48355 | Med | 0.34 | 5.3 | 0.00 | Aug 21, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof provesource allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through <= 3.1.2. | ||
| CVE-2025-54736 | Med | 0.34 | 5.3 | 0.00 | Aug 14, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data.This issue affects Savoy: from n/a through <= 3.0.8. | ||
| CVE-2025-7381 | Med | 0.34 | 5.3 | 0.00 | Jul 9, 2025 | ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe… |
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
- risk 0.34cvss 5.3epss 0.00
IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through <= 3.3.11.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.25.
- risk 0.34cvss 5.3epss 0.01
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data.This issue affects Ajax Load More: from n/a through <= 7.6.0.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data.This issue affects Quiz Maker: from n/a through <= 6.7.0.65.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts ninja-charts allows Retrieve Embedded Sensitive Data.This issue affects Ninja Charts: from n/a through <= 3.3.5.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster noo-jobmonster allows Retrieve Embedded Sensitive Data.This issue affects Jobmonster: from n/a through <= 4.8.0.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof provesource allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through <= 3.1.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data.This issue affects Savoy: from n/a through <= 3.0.8.
- risk 0.34cvss 5.3epss 0.00
ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe…