CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

324 vulnerabilities with CWE-201
CVE-2025-53987 MEDIUM
Crocoblock JetMenu <2.4.11.1 - Info Disclosure
CVSS 6.5
CVE-2025-53985 MEDIUM
Crocoblock JetTabs <2.2.9 - Info Disclosure
CVSS 6.5
CVE-2025-53983 MEDIUM
Crocoblock JetElements For Elementor <2.7.7 - Info Disclosure
CVSS 6.5
CVE-2025-53196 MEDIUM
Crocoblock JetEngine <3.7.0 - Info Disclosure
CVSS 6.5
CVE-2025-49408 CRITICAL
WPDeveloper Templately <3.2.7 - Info Disclosure
CVSS 10.0
CVE-2025-55710 MEDIUM
Steve Burge TaxoPress <3.37.2 - Info Disclosure
CVSS 4.3
CVE-2025-54685 MEDIUM
Brainstorm Force SureDash <1.1.0 - Info Disclosure
CVSS 6.5
CVE-2025-8862 HIGH
YugabyteDB Sensitive Information Exposure via Diagnostic Data Collection
CVE-2025-7204 MEDIUM
ConnectWise Professional Service Automation < 2025.9 - Authenticated Sensitive Information Exposure via User Object API
CVSS 6.5
CVE-2025-53322 MEDIUM
ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 - Inf...
CVSS 5.3
CVE-2025-53309 MEDIUM
ZealousWeb Accept Stripe Payments Using Contact Form 7 - Info Discl...
CVSS 5.3
CVE-2025-49584 HIGH
XWiki <16.4.6, 16.5.0-rc-1, 16.10.2, 17.0.0-rc-1 - Info Disclosure
CVSS 7.5
CVE-2025-48261 HIGH
MultiVendorX <4.2.22 - Info Disclosure
CVSS 7.5
CVE-2025-49294 MEDIUM
CodeRevolution Crawlomatic <2.6.8.2 - Info Disclosure
CVSS 5.3
CVE-2025-5733 MEDIUM
Modern Events Calendar Lite <7.21.9 - Info Disclosure
CVSS 5.3
CVE-2025-48934 MEDIUM
Deno <2.1.13, 2.2.13 - Info Disclosure
CVSS 5.3
CVE-2025-31134 HIGH
FreshRSS < 1.26.2 - Information Disclosure via Directory Existence Check
CVSS 7.5
CVE-2025-48996 MEDIUM
HAX open-apis <10.0.2 - Info Disclosure
CVSS 5.3
CVE-2025-48331 HIGH
Vanquish WooCommerce Orders & Customers Exporter <5.0 - Info Disclo...
CVSS 7.5
CVE-2025-48381 MEDIUM
CVAT 2.4.0-2.38.0 - Authenticated Information Disclosure and Denial of Service
CVSS 4.3
CVE-2025-48045 HIGH
NetFax Server < 3.0.1.0 - Unauthenticated Administrator Credential Disclosure via /client.php
CVE-2025-48749 CRITICAL
Netwrix Directory Manager <11.1.25134.03 - Info Disclosure
CVSS 9.1
CVE-2025-39498 MEDIUM
Spotlight Spotlight <1.7.1 - Info Disclosure
CVSS 5.3
CVE-2025-47541 HIGH
WPFunnels Mail Mint <1.17.7 - Info Disclosure
CVSS 7.5
CVE-2025-48219 LOW
O2 UK <2025-05-19 - Info Disclosure
CVSS 3.5
Details
Vulnerabilities 324
Links
MITRE CWE Entry Search this CWE With Exploits