CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (213)
Page 9 of 11

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63070 | | Med | 0.28 | 4.3 | 0.00 | | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through <= 3.3.32. |
| CVE-2025-63058 | | Med | 0.28 | 4.3 | 0.00 | | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data. This issue affects Custom Field Template: from n/a through <= 2.7.6. |
| CVE-2025-63013 | | Med | 0.28 | 4.3 | 0.00 | | Dec 9, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data. This issue affects WP Hotel Booking: from n/a through <= 2.2.7. |
| CVE-2025-66056 | | Med | 0.28 | 4.3 | 0.00 | | Nov 21, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data. This issue affects Uncanny Automator: from n/a through < 6.10.0. |
| CVE-2025-64267 | | Med | 0.28 | 4.3 | 0.00 | | Nov 13, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Ultimate Points And… |
| CVE-2025-64228 | | Med | 0.28 | 4.3 | 0.00 | | Oct 29, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data. This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. |
| CVE-2025-60167 | | Med | 0.28 | 4.3 | 0.00 | | Sep 26, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through <= 2.0.5. |
| CVE-2025-58007 | | Med | 0.28 | 4.3 | 0.00 | | Sep 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data. This issue affects Hubbub Lite: from n/a through <= 1.35.2. |
| CVE-2025-57937 | | Med | 0.28 | 4.3 | 0.00 | | Sep 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10. |
| CVE-2025-57916 | | Med | 0.28 | 4.3 | 0.00 | | Sep 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information wp-system-info allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through <= 1.5. |
| CVE-2025-53364 | | Med | 0.28 | 5.3 | 0.01 | | Jul 10, 2025 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the… |
| CVE-2025-52719 | | Med | 0.28 | 4.3 | 0.00 | | Jun 20, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through <= 5.9.5.2. |
| CVE-2025-32299 | | Med | 0.28 | 4.3 | 0.00 | | May 16, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal - Appointment Booking Calendar for WordPress quickcal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal - Appointment Booking Calendar for… |
| CVE-2025-31062 | | Med | 0.28 | 4.3 | 0.00 | | May 16, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through <= 2.1.0. |
| CVE-2025-39589 | | Med | 0.28 | 4.3 | 0.00 | | Apr 16, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through… |
| CVE-2025-32228 | | Med | 0.28 | 4.3 | 0.00 | | Apr 10, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Ai Image Alt Text Generator for WP: from n/a… |
| CVE-2025-30802 | | Med | 0.28 | 4.3 | 0.00 | | Apr 1, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members. This issue affects Our Team Members: from n/a through <= 2.2. |
| CVE-2025-26911 | | Med | 0.28 | 4.3 | 0.00 | | Feb 25, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through <= 2.8.18. |
| CVE-2024-9929 | | Med | 0.28 | 4.3 | 0.00 | | Nov 26, 2024 | A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. |
| CVE-2024-31419 | | Med | 0.28 | 4.3 | 0.00 | | Apr 3, 2024 | An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace… |