CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class 285

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI Chinese analysis included.

CWE-201 represents an information exposure weakness where software inadvertently transmits sensitive data to unauthorized external actors. This vulnerability typically arises when developers fail to sanitize output streams, allowing credentials, personally identifiable information, or internal system states to leak through network logs, error messages, or API responses. Attackers exploit this by intercepting traffic or analyzing server-side feedback to harvest critical secrets, facilitating further unauthorized access or identity theft. To mitigate this risk, developers must implement strict data filtering and validation protocols before transmission. Utilizing secure logging frameworks that mask sensitive fields, employing encryption for data in transit, and conducting regular code reviews to identify accidental data leaks are essential practices. Ensuring that only necessary, non-sensitive information is shared with external entities significantly reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-60125 | WordPress FoodBook Plugin <= 4.7.6 - Sensitive Data Exposure Vulnerability — FoodBook | 5.3 | Medium | 2025-09-26 |
| CVE-2025-60095 | WordPress Stackable Plugin <= 3.18.1 - Sensitive Data Exposure Vulnerability — Stackable | 4.3 | Medium | 2025-09-26 |
| CVE-2025-59010 | WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability — Permalink Manager Lite | 7.5 | High | 2025-09-26 |
| CVE-2025-58246 | WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability — WordPress | 4.3 | Medium | 2025-09-23 |
| CVE-2025-43814 | Liferay Portal and Liferay DXP Security Vulnerability — Portal | 4.3 (AI) | Medium (AI) | 2025-09-22 |
| CVE-2025-57922 | WordPress Envíos Coordinadora Woocommerce plugin <= 1.1.32 - Sensitive Data Exposure vulnerability — Envíos Coordinadora Woocommerce | 5.3 | Medium | 2025-09-22 |
| CVE-2025-57923 | WordPress UK Address Postcode Validation plugin <= 3.9.2 - Sensitive Data Exposure vulnerability — UK Address Postcode Validation | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58226 | WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.16.16 - Sensitive Data Exposure Vulnerability — 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58249 | WordPress Qubely Plugin <= 1.8.14 - Sensitive Data Exposure Vulnerability — Qubely | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58252 | WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability — Getwid | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58649 | WordPress All In One SEO Pack Plugin <= 4.8.7.1 - Sensitive Data Exposure Vulnerability — All In One SEO Pack | 4.3 | Medium | 2025-09-22 |
| CVE-2025-5519 | Information Disclosure in ArgusTech's BILGER — BILGER | 6.5 | Medium | 2025-09-16 |
| CVE-2025-58872 | WordPress Simple Price Calculator Plugin <= 1.3 - Broken Access Control Vulnerability — Simple Price Calculator | 6.5 | Medium | 2025-09-05 |
| CVE-2025-44017 | Gunosy Security Vulnerability — "Gunosy" App for Android | 6.5 | - | 2025-09-02 |
| CVE-2025-55750 | Gitpod Classic Affected by Bitbucket OAuth Token Exposure via Redirect Fragment — gitpod | 6.5 | Medium | 2025-08-29 |
| CVE-2025-48361 | WordPress Hesabfa Accounting plugin <= 2.2.5 - Sensitive Data Exposure via Log File vulnerability — Hesabfa Accounting | 5.3 | Medium | 2025-08-28 |
| CVE-2025-20348 | Cisco Nexus Dashboard Unauthorized REST API Vulnerability — Cisco Nexus Dashboard | 5.0 | Medium | 2025-08-27 |
| CVE-2025-43768 | Liferay Portal and Liferay DXP Security Vulnerability — Portal | 6.5 (AI) | Medium (AI) | 2025-08-23 |
| CVE-2025-41415 | AVEVA PI Integrator Insertion of Sensitive Information into Sent Data — PI Integrator | 6.5 | Medium | 2025-08-21 |
| CVE-2025-49408 | WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability — Templately | 10.0 | Critical | 2025-08-20 |
| CVE-2025-53196 | WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability — JetEngine | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53983 | WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability — JetElements For Elementor | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53985 | WordPress JetTabs <= 2.2.9 - Sensitive Data Exposure Vulnerability — JetTabs | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53988 | WordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure Vulnerability — JetBlocks For Elementor | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53987 | WordPress JetMenu <= 2.4.11.1 - Sensitive Data Exposure Vulnerability — JetMenu | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53992 | WordPress JetTricks <= 1.5.4.1 - Sensitive Data Exposure Vulnerability — JetTricks | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53998 | WordPress JetWooBuilder <= 2.1.20 - Sensitive Data Exposure Vulnerability — JetWooBuilder | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53993 | WordPress JetPopup plugin <= 2.0.15 - Sensitive Data Exposure vulnerability — JetPopup | 6.5 | Medium | 2025-08-20 |
| CVE-2025-54008 | WordPress JetSmartFilters <= 3.6.7 - Sensitive Data Exposure Vulnerability — JetSmartFilters | 6.5 | Medium | 2025-08-20 |
| CVE-2025-55715 | WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability — Otter - Gutenberg Block | 7.5 | High | 2025-08-20 |

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) represent 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.