CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-32257 – WordPress 1 Click WordPress Migration Plugin <= 2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32257
04 Apr 2025 — Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/1-click-migration/vulnerability/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability? • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32255 – WordPress StaffList plugin <= 3.2.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32255
04 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/stafflist/vulnerability/wordpress-stafflist-plugin-3-2-6-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-32251 – WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32251
04 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. • https://patchstack.com/database/wordpress/plugin/jetpack-feedback-exporter/vulnerability/wordpress-jetpack-feedback-exporter-1-23-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32238 – WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32238
04 Apr 2025 — Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-2-sensitive-data-exposure-vulnerability? • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-31421 – WordPress Srbtranslatin plugin <= 3.2.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-31421
04 Apr 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0. • https://patchstack.com/database/wordpress/plugin/srbtranslatin/vulnerability/wordpress-srbtranslatin-plugin-3-2-0-sensitive-data-exposure-vulnerability? • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42208 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42208
04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31487 – The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
https://notcve.org/view.php?id=CVE-2025-31487
03 Apr 2025 — The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched ... • https://github.com/xwiki-contrib/jira/commit/5049e352d16f8356734de70daf1202301f170ee6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-0272 – HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
https://notcve.org/view.php?id=CVE-2025-0272
03 Apr 2025 — This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-31558 – WordPress TailPress plugin <= 0.4.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-31558
03 Apr 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/tailpress/vulnerability/wordpress-tailpress-plugin-0-4-4-sensitive-data-exposure-vulnerability? • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56476 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-56476
02 Apr 2025 — IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. • https://www.ibm.com/support/pages/node/7229880 • CWE-204: Observable Response Discrepancy •