CWE-200: Information Exposure

The Restrict Content plugin for WordPress (versions up to 2.2.8) allows unauthenticated attackers to access sensitive content from posts restricted to...

The ProfilePress WordPress plugin exposes sensitive information through WordPress core search functionality. Unauthenticated attackers can access rest...

The Simple Membership WordPress plugin exposes sensitive information through WordPress core search functionality. Unauthenticated attackers can access...

This vulnerability in Cisco RCM for StarOS Software allows unauthenticated remote attackers to connect to a debug service and execute debug commands, ...

This vulnerability allows remote attackers to access sensitive information through an unauthenticated HTTP GET request to /xml/info.xml on affected D-...

The LevelOne WBR-6012 router has an information disclosure vulnerability that allows unauthenticated users to access a verbose system log page contain...

The LevelOne WBR-6012 router has an information disclosure vulnerability where unauthenticated attackers can access a hidden web page that reveals the...

This vulnerability in ZZCMS 2023 allows remote attackers to access sensitive information through the file 3/qq-connect2.0/API/com/inc.php. The informa...

The All-in-One WP Migration and Backup plugin for WordPress exposes sensitive information through publicly accessible log files. Unauthenticated attac...

The Formidable Form Builder plugin for WordPress has an unauthenticated data exposure vulnerability that allows attackers to export all form entries w...

The WPIDE plugin for WordPress discloses the full server path to unauthenticated attackers due to improper error handling in the PHP-Parser library. T...

The uListing WordPress plugin versions up to 2.1.5 expose sensitive information to unauthorized actors. This vulnerability allows attackers to access ...

The PeepSo WordPress plugin discloses full server path information to unauthenticated attackers through error messages in the sse.php file. This vulne...

The Remember Me Controls WordPress plugin up to version 2.0.1 allows unauthenticated attackers to retrieve the full server path via direct access to b...

The Premium SEO Pack WordPress plugin exposes sensitive information from password-protected posts through social meta data. Unauthenticated attackers ...

The Mediavine Create WordPress plugin versions up to 1.9.8 contain an information disclosure vulnerability that allows unauthorized actors to access s...

Store Locator Plus WordPress plugin versions up to 2311.17.01 expose sensitive information to unauthorized actors. This vulnerability allows attackers...

The PureVPN Linux client 2.0.2-Productions fails to properly route DNS queries through the VPN tunnel, allowing DNS requests to leak to ISP or default...

The MaxButtons WordPress plugin exposes full server path information to unauthenticated attackers in versions up to 9.7.8. This information disclosure...

This vulnerability in SourceCodester Online Graduate Tracer System 1.0 allows remote attackers to access sensitive information through the /tracking/a...

The Newsletters plugin for WordPress has a full path disclosure vulnerability that allows unauthenticated attackers to retrieve the web application's ...

The Olive One Click Demo Import WordPress plugin versions up to 1.1.2 contains an access control vulnerability that allows unauthorized users to acces...

This vulnerability in the Weblizar Coming Soon WordPress plugin allows unauthorized actors to access sensitive information due to improper access cont...

This vulnerability in the MBE eShip WordPress plugin allows unauthorized users to access sensitive information due to improper access control restrict...

This vulnerability in the WP2Speed Faster WordPress plugin allows unauthorized actors to access sensitive information due to improper access control r...

The Obfuscate Email WordPress plugin discloses the full server path to unauthenticated attackers in all versions up to 3.8.1. This occurs because the ...

The Reveal Template WordPress plugin up to version 3.7 allows unauthenticated attackers to retrieve the full web server path via direct access to boot...

The My Custom CSS PHP & ADS WordPress plugin discloses the full server path to unauthenticated attackers through direct access to a specific file. Thi...

This vulnerability in the WordPress Affiliate Toolkit plugin allows unauthenticated attackers to obtain the full server path through path disclosure. ...

Dorsett Controls InfoScan leaks potentially sensitive information through response headers and JavaScript before user authentication. This allows atta...

This vulnerability allows remote attackers to access sensitive device information via the /queryDevInfo endpoint on affected DVR systems. It affects T...

This vulnerability in Cybonet products exposes sensitive information to unauthorized actors. It affects systems running vulnerable versions of Cybonet...

This vulnerability in TOTOLINK A3700R routers allows remote attackers to access sensitive configuration information through the ExportSettings.sh CGI ...

The Piotnet Addons For Elementor WordPress plugin exposes sensitive post data through an unauthenticated API endpoint. Unauthenticated attackers can r...

The Intelligence WordPress plugin up to version 1.4.0 allows unauthenticated attackers to retrieve the full server path via direct access to a PHP fil...

The Add Admin CSS WordPress plugin discloses full server path information to unauthenticated attackers in versions up to 2.0.1. This occurs because te...

The Admin Post Navigation WordPress plugin discloses full server path information to unauthenticated users due to test files with display_errors enabl...

The Admin Trim Interface WordPress plugin (versions up to 3.5.1) exposes full web server path information to unauthenticated attackers through test fi...

CVE-2024-7128 is an authentication bypass vulnerability in OpenShift console where endpoints using authHandler() and authHandlerWithUser() middleware ...

The WP Meteor Website Speed Optimization Addon plugin for WordPress versions up to 3.4.3 contains a full path disclosure vulnerability. Unauthenticate...

The Addonify Quick View for WooCommerce WordPress plugin discloses full server path information to unauthenticated attackers due to improper access re...

A vulnerability in Cisco Webex App's protocol handlers could allow remote attackers to capture sensitive information like credentials by tricking user...

A security misconfiguration in GitHub Enterprise Server allowed unauthorized users to access sensitive information when an organization member changed...

This vulnerability in Decidim allows attackers to access unpublished or private resources by guessing their URLs or slugs. It affects Decidim instance...

This vulnerability in Netgear WN604 wireless access points allows remote attackers to access sensitive configuration files through the /downloadFile.p...

The Tablesome WordPress plugin versions up to 1.0.33 expose sensitive data through its API endpoints without proper authorization. This allows unauthe...

This vulnerability in the WordPress Event Monster plugin (Event Management Tickets Booking) allows unauthorized actors to access sensitive information...

The Podlove Web Player WordPress plugin versions up to 5.7.3 contain a sensitive data exposure vulnerability that allows unauthorized actors to access...

This vulnerability in WP Photo Album Plus WordPress plugin allows unauthorized actors to bypass IP-based access controls, exposing sensitive informati...

This vulnerability in the WordPress Download Manager plugin allows attackers to bypass password protection on files, exposing sensitive information to...