CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class 285

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI Chinese analysis included.

CWE-201 represents an information exposure weakness where software inadvertently transmits sensitive data to unauthorized external actors. This vulnerability typically arises when developers fail to sanitize output streams, allowing credentials, personally identifiable information, or internal system states to leak through network logs, error messages, or API responses. Attackers exploit this by intercepting traffic or analyzing server-side feedback to harvest critical secrets, facilitating further unauthorized access or identity theft. To mitigate this risk, developers must implement strict data filtering and validation protocols before transmission. Utilizing secure logging frameworks that mask sensitive fields, employing encryption for data in transit, and conducting regular code reviews to identify accidental data leaks are essential practices. Ensuring that only necessary, non-sensitive information is shared with external entities significantly reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security-sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
CVE ID | Title | CVSS | Severity | Published
CVE-2025-68029 | WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability — Wallet System for WooCommerce | 7.5 | - | 2026-01-05
CVE-2025-68014 | WordPress AweBooking plugin <= 3.2.26 - Sensitive Data Exposure vulnerability — AweBooking | 6.5 | Medium | 2026-01-05
CVE-2025-62126 | WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Sensitive Data Exposure vulnerability — Varnish/Nginx Proxy Caching | 5.3 | Medium | 2025-12-31
CVE-2025-59136 | WordPress Gerencianet Oficial plugin <= 3.1.3 - Sensitive Data Exposure vulnerability — Gerencianet Oficial | 5.3 | Medium | 2025-12-31
CVE-2025-62139 | WordPress Terms descriptions plugin <= 3.4.10 - Sensitive Data Exposure vulnerability — Terms descriptions | 5.3 | Medium | 2025-12-31
CVE-2025-59003 | WordPress ColorWay Theme <= 4.2.3 - Sensitive Data Exposure Vulnerability — ColorWay | 5.8 | Medium | 2025-12-31
CVE-2025-68989 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.9.68 - Sensitive Data Exposure vulnerability — contact-form-7-mailchimp-extension | 4.3 | Medium | 2025-12-30
CVE-2025-68040 | WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability — WP Project Manager | 6.5 | Medium | 2025-12-29
CVE-2025-68516 | WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability — Tablesome | 5.0 | Medium | 2025-12-24
CVE-2025-62998 | WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability — WP AI CoPilot | 5.0 | Medium | 2025-12-18
CVE-2025-14823 | Certificate Signing Extension Returns Encrypted Values — ScreenConnect | 5.3 | Medium | 2025-12-18
CVE-2025-66116 | WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability — Ultimate Member Widgets for Elementor | 7.5 | High | 2025-12-18
CVE-2025-64295 | WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability — All In One SEO Pack | 6.5 | Medium | 2025-12-18
CVE-2025-64218 | WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability — Passster | 7.5 | High | 2025-12-18
CVE-2025-64213 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability — MasterStudy LMS Pro | 7.5 | High | 2025-12-18
CVE-2025-49918 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Sensitive Data Exposure vulnerability — VikBooking Hotel Booking Engine & PMS | 5.9 | Medium | 2025-12-18
CVE-2025-49919 | WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability — eRoom | 5.8 | Medium | 2025-12-18
CVE-2025-66125 | WordPress Ultimate Auction plugin <= 4.3.3 - Sensitive Data Exposure vulnerability — Ultimate Auction | 5.3 | Medium | 2025-12-16
CVE-2025-66126 | WordPress Fix Media Library plugin <= 2.0 - Sensitive Data Exposure vulnerability — Fix Media Library | 5.3 | Medium | 2025-12-16
CVE-2025-49300 | WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability — Traveler Option Tree | 2.7 | Low | 2025-12-16
CVE-2025-66388 | Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI — Apache Airflow | 6.5 | - | 2025-12-15
CVE-2025-67721 | Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer — aircompressor | 7.5 (AI) | High (AI) | 2025-12-12
CVE-2025-63071 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability — Shortcodes and extra features for Phlox theme | 5.3 | Medium | 2025-12-09
CVE-2025-63007 | WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability — EventPrime | 4.3 | Medium | 2025-12-09
CVE-2025-62997 | WordPress WP EasyCart plugin <= 5.8.11 - Sensitive Data Exposure vulnerability — WP EasyCart | 5.3 | Medium | 2025-12-09
CVE-2025-62994 | WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability — WP AI CoPilot | 4.3 | Medium | 2025-12-09
CVE-2025-62109 | WordPress Geo Controller plugin <= 8.9.4 - Sensitive Data Exposure vulnerability — Geo Controller | 5.3 | Medium | 2025-12-09
CVE-2025-66566 | yawkat LZ4 Java has a possible information leak in Java safe decompressor — lz4-java | 7.5 | - | 2025-12-05
CVE-2025-58098 | Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... — Apache HTTP Server | 8.1 | - | 2025-12-05
CVE-2025-13295 | Sensitive Data Exposure in ArgusTech's BILGER — BILGER | 7.5 | High | 2025-12-02

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) represent 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.