CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

323 vulnerabilities with CWE-201
CVE-2026-52695 HIGH
WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-52692 HIGH
WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49082 HIGH
WordPress Chatway Live Chat <= 1.4.8 - Subscriber Data Exposure
CVSS 7.4
CVE-2026-48965 MEDIUM
WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-42667 HIGH
WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-42384 HIGH
WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-40789 HIGH
WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-39480 HIGH
WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49064 HIGH
WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-7184 MEDIUM
Mattermost Remote Cluster PATCH API Leaks Authentication Tokens
CVSS 6.5
CVE-2026-44487 HIGH
Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
CVSS 7.5
CVE-2026-46481 HIGH
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
CVSS 8.3
CVE-2026-42539 MEDIUM
IRIS <2.4.28 - Excessive Data Exposure
CVSS 6.5
CVE-2026-45739 LOW
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
CVSS 3.1
CVE-2026-4035 HIGH
MLflow < 3.11.0 - AI Gateway Secret Environment Variable Disclosure
CVSS 7.7
CVE-2026-44653 MEDIUM
LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets
CVSS 6.5
CVE-2026-35447 MEDIUM
NamelessMC 2.2.4 - Private Profile Access Control Bypass and Cross-Profile Writes
CVE-2026-42673 HIGH
WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49370 LOW
JetBrains YouTrack < 2026.1.13162 - Insertion of Sensitive Information Into Sent Data
CVSS 3.4
CVE-2026-10101 MEDIUM
Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents to namespace view users
CVSS 6.3
CVE-2026-45582 MEDIUM
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
CVSS 6.5
CVE-2026-42746 HIGH
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability
CVSS 7.3
CVE-2026-48877 MEDIUM
WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-41181 MEDIUM
Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service
CVSS 5.8
CVE-2026-45215 MEDIUM
WordPress WP EasyPay plugin <= 4.3.0 - Sensitive Data Exposure vulnerability
CVSS 5.3