CWE-200: Information Exposure

This vulnerability allows unauthenticated attackers to extract sensitive user information from WordPress sites using the Ultimate Member plugin. Attac...

This vulnerability in the WordPress Events Manager plugin allows unauthenticated attackers to access sensitive event location data that should be prot...

The Guest Support WordPress plugin up to version 1.2.3 contains an unauthenticated user email disclosure vulnerability. Attackers can exploit a public...

This vulnerability in Tenda AC9 routers allows remote attackers to access configuration files via the /cgi-bin/DownloadCfg.jpg endpoint, potentially e...

This vulnerability in Verysync 2.21.3 allows remote attackers to access sensitive information through the web administration module. The exploit targe...

An information disclosure vulnerability in Verysync's web administration module allows remote attackers to access sensitive data via a specific API en...

The WebP Express WordPress plugin exposes configuration data through predictable config file names on NGINX servers. Unauthenticated attackers can acc...

The MxChat WordPress plugin exposes sensitive session information through uploaded filenames, allowing unauthenticated attackers to access conversatio...

Horde Groupware v5.2.22 contains a user enumeration vulnerability that allows unauthenticated attackers to determine valid user accounts by checking r...

The Zigaform WordPress plugin exposes sensitive form submission data through an unauthenticated AJAX endpoint. Unauthenticated attackers can extract p...

The Locker Content WordPress plugin version 1.0.0 contains a sensitive information exposure vulnerability in its 'lockerco_submit_post' AJAX endpoint....

The BigBuy Dropshipping Connector for WooCommerce WordPress plugin is vulnerable to IP address spoofing due to improper validation of user-supplied HT...

This vulnerability in the LearnPress WordPress LMS plugin allows unauthenticated attackers to access sensitive educational content through a REST API ...

The Quiz Maker WordPress plugin exposes quiz answers to unauthenticated attackers through an AJAX endpoint with insufficient authorization. This vulne...

The New User Approve WordPress plugin has an API key validation vulnerability using loose equality comparison (== instead of ===). Unauthenticated att...

This broken access control vulnerability allows authenticated low-privilege users to access sensitive information through the web management interface...

The Comment Edit Core plugin for WordPress exposes sensitive user data including email addresses, IPs, and user IDs through an unauthenticated AJAX en...

This vulnerability in the Academy LMS WordPress plugin exposes sensitive information including Facebook App Secret to unauthenticated attackers when F...

This vulnerability in lakeFS allows unauthenticated access to the /api/v1/usage-report/summary endpoint, enabling anyone to retrieve aggregate API usa...

This vulnerability in ownCloud Guests allows unauthenticated attackers to enumerate valid pending guest user email addresses. Attackers can determine ...

This vulnerability allows unauthenticated attackers to access all WooCommerce coupon codes, IDs, and expiration status through a misconfigured REST AP...

The KiotViet Sync WordPress plugin exposes webhook tokens to unauthenticated attackers through an API endpoint vulnerability. This allows attackers to...

codeshare v1.0.0 contains an information leakage vulnerability that allows unauthorized access to users' full collaboration history. This affects all ...

The Analytify Pro WordPress plugin exposes usernames in HTML source code to unauthenticated visitors. This affects all WordPress sites using Analytify...

The WooCommerce plugin for WordPress versions up to 7.8.2 has improper CORS handling on Store API REST endpoints, allowing unauthenticated attackers t...

PILOS (Platform for Interactive Live-Online Seminars) before version 4.8.0 exposes the PHP version via the X-Powered-By HTTP header, allowing attacker...

The eRoom WordPress plugin exposes Zoom SDK secret keys in client-side JavaScript, allowing unauthenticated attackers to extract these credentials. Th...

The PowerBI Embed Reports WordPress plugin up to version 1.2.0 contains an unauthenticated information disclosure vulnerability. Attackers can access ...

The Code Quality Control Tool WordPress plugin versions 0.1 exposes sensitive information through publicly accessible log files. Unauthenticated attac...

Frappe Learning versions before 2.38.0 stored student-uploaded assignment attachments as public files, allowing anyone with the file URL to access the...

This vulnerability allows unauthenticated network attackers to determine whether specific LXD projects exist by sending crafted requests with wildcard...

The File Manager, Code Editor, and Backup by Managefy WordPress plugin exposes sensitive information through publicly accessible log files. Unauthenti...

An unauthenticated API endpoint in Vasion Print (formerly PrinterLogic) allows remote attackers to enumerate all group objects for a tenant. This expo...

Campcodes Farm Management System 1.0 contains an information disclosure vulnerability that allows remote attackers to access sensitive file and direct...

This CVE-2025-11028 vulnerability in givanz Vvveb's Image Handler component allows remote attackers to perform manipulation that results in informatio...

This vulnerability in geyang ml-logger allows remote attackers to perform information disclosure by manipulating the 'key' argument in the stream_hand...

The Events Calendar WordPress plugin versions up to 6.15.2 expose information about password-protected vendors or venues through a REST endpoint vulne...

This vulnerability in Wavlink WL-WN578W2 routers allows remote attackers to access sensitive information through the /live_online.shtml file. The flaw...

This vulnerability allows attackers to download encrypted database files containing passwords from Siemens building automation controllers without aut...

An information disclosure vulnerability in Cisco phone systems allows unauthenticated remote attackers to access sensitive information when Web Access...

An information disclosure vulnerability in Das Parking Management System 6.2.0 allows remote attackers to access sensitive data through the /Operator/...

Das Parking Management System 6.2.0 has an information disclosure vulnerability in the /Operator/Search file that allows remote attackers to access se...

This vulnerability in Contao CMS allows protected content elements to be indexed and publicly accessible through the front-end search functionality. A...

This vulnerability in YiFang CMS allows remote attackers to access sensitive information through the exportInstallTable function in Migrate.php. It af...

This vulnerability in zlt2000 microservices-platform exposes sensitive information through the Spring Actuator endpoint. Attackers can remotely access...

The GiveWP WordPress plugin up to version 4.6.0 exposes donor information including names, emails, and donor IDs to unauthenticated attackers. This vu...

This vulnerability in Exrick xboot allows remote attackers to access sensitive information through Spring Boot Admin/Spring Actuator endpoints. It aff...

This vulnerability allows unauthorized users to access cached content from Umbraco's Content Delivery API even when API key authentication is required...

The WoodMart WordPress theme plugin has an information exposure vulnerability that allows unauthenticated attackers to access password-protected, priv...

Infoblox NETMRI versions before 7.6.1 contain a vulnerability that allows remote authenticated users to read arbitrary files with root-level access. T...