CWE-201— Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.— MITRE CWE catalog
346 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-201page 5 of 7
- CVE-2025-62026MEDIUMCVSS 4.3EG 4.32025-10-22
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
- CVE-2025-62038MEDIUMCVSS 6.5EG 6.52025-11-06
Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through <= 1.23.9.
- CVE-2025-62039HIGHCVSS 7.5EG 7.52025-11-06
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Co…
- CVE-2025-62062MEDIUMCVSS 5.5EG 5.32025-10-22
Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through <= 1.7.0.
- CVE-2025-62109MEDIUMCVSS 5.3EG 7.52025-12-09
Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through <= 8.9.4.
- CVE-2025-62126MEDIUMCVSS 5.3EG 5.32025-12-31
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.
- CVE-2025-62139MEDIUMCVSS 5.3EG 5.32025-12-31
Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a through <= 3.4.10.
- CVE-2025-62305MEDIUMCVSS 5.1EG 5.12026-05-14
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems u…
- CVE-2025-62308MEDIUMCVSS 5.1EG 5.12026-05-14
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further…
- CVE-2025-62309LOWCVSS 2.6EG 2.62026-05-14
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific cond…
- CVE-2025-62895MEDIUMCVSS 5.3EG 7.52025-10-27
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1.
- CVE-2025-62947MEDIUMCVSS 5.0EG 7.52025-10-27
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5.
- CVE-2025-62979MEDIUMCVSS 5.3EG 5.32025-10-27
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
- CVE-2025-62994MEDIUMCVSS 4.3EG 4.32025-12-09
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
- CVE-2025-62997MEDIUMCVSS 5.3EG 5.32025-12-09
Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11.
- CVE-2025-62998MEDIUMCVSS 5.0EG 5.02025-12-18
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
- CVE-2025-63007MEDIUMCVSS 4.3EG 4.32025-12-09
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.
- CVE-2025-63019MEDIUMCVSS 5.3EG 7.52026-01-22
Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content…
- CVE-2025-63071MEDIUMCVSS 5.3EG 5.32025-12-09
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme…
- CVE-2025-64213HIGHCVSS 7.5EG 7.52025-12-18
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a t…
- CVE-2025-64218HIGHCVSS 7.5EG 7.52025-12-18
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
- CVE-2025-64295MEDIUMCVSS 6.5EG 6.52025-12-18
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.
- CVE-2025-64299LOWCVSS 2.7EG 4.92025-11-21
LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.
- CVE-2025-64351MEDIUMCVSS 4.3EG 4.32025-10-31
Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
- CVE-2025-64407MEDIUMCVSS 5.3EG 5.32025-11-12
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used t…
- CVE-2025-64502MEDIUMCVSS 6.9EG 6.92025-11-10
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB `explain()` method provides detailed information about query execution plans, including index usage, collection scanning be…
- CVE-2025-64748MEDIUMCVSS 6.5EG 6.52025-11-13
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual val…
- CVE-2025-65944MEDIUMCVSS 5.1EG 5.12025-11-25
Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP heade…
- CVE-2025-66035HIGHCVSS 7.7EG 7.72025-11-26
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in…
- CVE-2025-66116HIGHCVSS 7.5EG 7.52025-12-18
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets …
- CVE-2025-66125MEDIUMCVSS 5.3EG 5.32025-12-16
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.3.
- CVE-2025-66126MEDIUMCVSS 5.3EG 5.32025-12-16
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.
- CVE-2025-66304HIGHCVSS 7.2EG 6.22025-12-01
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially …
- CVE-2025-66388MEDIUMCVSS 6.5EG 6.52025-12-15
A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users a…
- CVE-2025-66566HIGHCVSS 8.2EG 8.22025-12-05
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted co…
- CVE-2025-67721HIGHCVSS 7.5EG 7.52025-12-12
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allo…
- CVE-2025-67857MEDIUMCVSS 4.3EG 4.32026-02-03
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and pote…
- CVE-2025-67931HIGHCVSS 7.5EG 7.52026-01-08
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9.
- CVE-2025-68006MEDIUMCVSS 6.5EG 6.52026-01-22
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
- CVE-2025-68014MEDIUMCVSS 6.5EG 6.52026-01-05
Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through <= 3.2.26.
- CVE-2025-68029MEDIUMCVSS 6.3EG 6.32026-01-05
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a thr…
- CVE-2025-68033HIGHCVSS 7.5EG 7.52026-01-05
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0.
- CVE-2025-68035HIGHCVSS 7.5EG 7.52026-01-22
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.
- CVE-2025-68040MEDIUMCVSS 6.5EG 6.52025-12-30
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1.
- CVE-2025-68515MEDIUMCVSS 5.8EG 5.82026-03-05
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12.
- CVE-2025-68516MEDIUMCVSS 5.0EG 7.52025-12-24
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.
- CVE-2025-68855MEDIUMCVSS 5.9EG 5.92026-02-20
Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
- CVE-2025-68989MEDIUMCVSS 4.3EG 7.52025-12-30
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-exte…
- CVE-2025-69132MEDIUMCVSS 6.5EG 6.52026-07-02
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
- CVE-2025-7000MEDIUMCVSS 4.3EG 4.32025-11-15
An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch n…
Map vulnerabilities like CWE-201 to your infrastructure
EchelonGraph correlates every CVE — across CWE-201 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →