Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-57757

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-28 Aug, 2025 | 16:32
Updated At-28 Aug, 2025 | 17:48
Rejected At-
Credits

Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:28 Aug, 2025 | 16:32
Updated At:28 Aug, 2025 | 17:48
Rejected At:
▼CVE Numbering Authority (CNA)
Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.

Affected Products
Vendor
Contao Associationcontao
Product
contao
Versions
Affected
  • >= 5.0.0-RC1, < 5.3.38
  • >= 5.4.0-RC1, < 5.6.1
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-212CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-212
Description: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
x_refsource_CONFIRM
https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
x_refsource_MISC
https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
x_refsource_MISC
Hyperlink: https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
Resource:
x_refsource_MISC
Hyperlink: https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:28 Aug, 2025 | 17:15
Updated At:02 Sep, 2025 | 17:38

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Contao Association
contao
>>contao>>Versions from 5.3.0(inclusive) to 5.3.38(exclusive)
cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*
Contao Association
contao
>>contao>>Versions from 5.4.0(inclusive) to 5.6.1(exclusive)
cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarysecurity-advisories@github.com
CWE-212Primarysecurity-advisories@github.com
CWE ID: CWE-200
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-212
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://contao.org/en/security-advisories/information-disclosure-in-the-news-modulesecurity-advisories@github.com
Vendor Advisory
https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271security-advisories@github.com
Patch
https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7psecurity-advisories@github.com
Patch
Third Party Advisory
Hyperlink: https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

822Records found
CVE-2020-10090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.49%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:24
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-29235
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.54% / 67.28%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 23:25
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Limited data exposure for shared external videos in BigBlueButton

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.

Action-Not Available
Vendor-bigbluebuttonbigbluebutton
Product-bigbluebuttonbigbluebutton
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7842
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:31
Updated-18 Feb, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System export_it.php information disclosure

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-13829
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 05:22
Updated-05 Feb, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure

The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.

Action-Not Available
Vendor-tripetto
Product-WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-13498
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 05:22
Updated-12 Mar, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form.

Action-Not Available
Vendor-webaways
Product-NEX-Forms – Ultimate Form Builder – Contact forms and much more
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-8461
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.26% / 79.08%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:31
Updated-12 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 Web Management Interface discovery.cgi information disclosure

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320_firmwaredns-320DNS-320dns-320
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12575
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-16 Aug, 2025 | 02:24
Updated-18 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Poll Maker – Versus Polls, Anonymous Polls, Image Polls
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-13086
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.62%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 16:12
Updated-30 Jan, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12984
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.23%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 14:31
Updated-27 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amcrest IP2M-841B Web Interface webCapsConfig information disclosure

A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Amcrest Industries LLC.
Product-IPC-IP3M-HX2BIPC-IPM-721SIP2M-841BIPC-IP3M-943BIP2M-841WIPC-IP3M-943SIPC-IP2M-841B
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2019-9103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.75%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12578
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.98%
||
7 Day CHG~0.00%
Published-14 Dec, 2024 | 04:23
Updated-17 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.

Action-Not Available
Vendor-tickera
Product-Tickera – WordPress Event Ticketing
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12250
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.98%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 03:22
Updated-18 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure

The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks.

Action-Not Available
Vendor-zealopensource
Product-Accept Authorize.NET Payments Using Contact Form 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12255
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.73%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 05:24
Updated-02 Jul, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.

Action-Not Available
Vendor-zealouswebzealopensource
Product-accept_stripe_payments_using_contact_form_7Accept Stripe Payments Using Contact Form 7
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-12637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.33%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 07:01
Updated-12 Feb, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure

The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses.

Action-Not Available
Vendor-katsushi-kawamori
Product-Moving Users
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7382
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.38%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 09:30
Updated-12 Aug, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-coffee2codecoffee2code
Product-Linkify Textlinkify-text
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7413
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.38%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 09:30
Updated-12 Aug, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure

The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-coffee2codecoffee2code
Product-Obfuscate Emailobfuscate_email
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12434
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.11%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 03:27
Updated-26 Feb, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SureMembers <= 1.10.6 - Sensitive Information Exposure

The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content.

Action-Not Available
Vendor-SureCart
Product-SureMembers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1255
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 19:00
Updated-27 Aug, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sepidz SepidzDigitalMenu Waiters information disclosure

A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-sepidzsepidzsepidz
Product-sepidzdigitalmenuSepidzDigitalMenusepidzdigitalmenu
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12896
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.16% / 37.34%
||
7 Day CHG~0.00%
Published-22 Dec, 2024 | 23:00
Updated-24 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras VIP S4320 G2 Web Interface webCapsConfig information disclosure

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".

Action-Not Available
Vendor-Intelbras
Product-VIP S4020 G3VIP S4320 G2VIP S4020 G2VIP S3020 G2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2024-12159
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.81%
||
7 Day CHG+0.13%
Published-07 Jan, 2025 | 04:22
Updated-07 Jan, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack.

Action-Not Available
Vendor-muzaara
Product-Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7412
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.38%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 09:30
Updated-01 Mar, 2025 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure

The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-coffee2codecoffee2code
Product-no_update_nagNo Update Nag
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11295
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.81%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 07:02
Updated-18 Dec, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

Action-Not Available
Vendor-pluginsandsnippets
Product-Simple Page Access Restriction
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11291
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.81%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 11:09
Updated-04 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

Action-Not Available
Vendor-cozmoslabsmadalinungureanu
Product-membership_\&_content_restriction_-_paid_member_subscriptionsPaid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1200
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 02:00
Updated-26 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jspxcms information disclosure

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-jspxcmsn/ajspxcms
Product-jspxcmsJspxcmsjspxcms
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6549
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 64.83%
||
7 Day CHG~0.00%
Published-27 Jul, 2024 | 01:51
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure

The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-coffee2codecoffee2code
Product-Admin Post Navigationadmin_post_navigation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6546
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.75% / 72.67%
||
7 Day CHG~0.00%
Published-27 Jul, 2024 | 01:51
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure

The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-coffee2codecoffee2code
Product-One Click Close Commentsone_click_close_comments
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11290
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.63%
||
7 Day CHG+0.02%
Published-07 Jan, 2025 | 04:22
Updated-07 Jan, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-brownoxford
Product-Member Access
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6398
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 08:52
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because other recommended default security policies such as URL categorization and GTI are in place in most policies to block access to uncategorized/high risk websites. Any information disclosed depends on how the customers have customized the block pages.

Action-Not Available
Vendor-skyhighsecuritySkyhigh
Product-secure_web_gatewaySecure Web Gateway
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11294
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 08:22
Updated-17 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.

Action-Not Available
Vendor-memberful
Product-Memberful – Membership Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11961
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 15:00
Updated-11 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-huayi-tecGuangzhou Huayi Intelligent Technologyguangzhou_huayi_intelligent_technology
Product-jeewmsJeewmsjeewms
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2024-11299
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.34%
||
7 Day CHG+0.17%
Published-22 Apr, 2025 | 11:12
Updated-30 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-caseproofMemberPress
Product-memberpressMemberpress
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6612
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 14:26
Updated-30 Oct, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSP violation leakage when using devtools

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbirdfirefoxthunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11351
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.98%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 12:24
Updated-11 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-tickera
Product-Restrict – membership, site, content and user access restrictions for WordPress
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11297
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.70% / 71.52%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 06:59
Updated-03 Jul, 2025 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-miniorangecyberlord92
Product-page_restrictionPage Restriction WordPress (WP) – Protect WP Pages/Post
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-11292
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.98%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 08:24
Updated-06 Dec, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-nimeshrmrWordPress.org
Product-WP Private Content Pluswp_private_content_plus_plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11282
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-1.13% / 77.98%
||
7 Day CHG+0.47%
Published-07 Jan, 2025 | 06:40
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-wpchillwpchill
Product-passsterPassster – Password Protect Pages and Content
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11280
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.97% / 76.26%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 11:24
Updated-17 Dec, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-yuryonfolio
Product-PPWP – Password Protect Pages
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12008
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-37.77% / 97.10%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 07:05
Updated-16 Jan, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
W3 Total Cache <= 2.8.1 Information Exposure via Log Files

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-w3_total_cacheW3 Total Cache
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.86%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:09
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)

Action-Not Available
Vendor-rosn/a
Product-sros2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-12.51% / 93.77%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 20:15
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_e4200linksys_e4200_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11153
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.11%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 11:22
Updated-05 Mar, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

Action-Not Available
Vendor-codeatlantic
Product-Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11090
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 06:41
Updated-30 Jan, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-The Events Calendar (StellarWP)Liquid Web, LLC
Product-restrict_contentMembership Plugin – Restrict Content
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11008
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.89%
||
7 Day CHG-0.14%
Published-11 Dec, 2024 | 10:57
Updated-11 Dec, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-supercleanse
Product-Members – Membership & User Role Editor Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11089
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.71%
||
7 Day CHG~0.00%
Published-21 Nov, 2024 | 13:55
Updated-07 Jul, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.

Action-Not Available
Vendor-tarassychcayennecayenne
Product-anonymous_restricted_contentAnonymous Restricted Contentanonymous_restricted_content
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-10916
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-2.22% / 84.20%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 15:00
Updated-08 Nov, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-340ldns-325_firmwaredns-320dns-320lw_firmwaredns-320_firmwaredns-320lwdns-340l_firmwaredns-325DNS-320LWDNS-325DNS-320DNS-340Ldns-340l_firmwaredns-320_firmwaredns-320lw_firmwaredns-325_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2019-4559
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 15:35
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11106
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.81%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 11:09
Updated-10 Dec, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-wpchillwpchill
Product-Simple Restrictsimple_restrict
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-5463
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.15%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 17:44
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabGitLab CE/EE
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2024-10290
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:00
Updated-30 Oct, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS inc.php information disclosure

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/a
Product-zzcmsZZCMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-11083
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 69.40%
||
7 Day CHG-0.02%
Published-27 Nov, 2024 | 05:31
Updated-05 Jun, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Action-Not Available
Vendor-properfractioncollizo4skyprofilepress
Product-profilepressPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressloginwp
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 16
  • 17
  • Next
Details not found