Security Risk Category

information-disclosure Security Risks

Published vulnerability pages connected to information-disclosure. One risk can appear in multiple categories while keeping one canonical page.

information-disclosure risks

Showing 12 of 12 published risks.

high

Everest Forms Public Temporary CSV Exposure Vulnerability

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.

CVE-2026-11571wordpresseverest-formsinformation-disclosurecsv-exposure

Updated Jul 10, 2026

medium

WP DSGVO Tools GDPR Personal Data Export Authorization Bypass Vulnerability

The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export (including name, postal address, phone number, email, and comment content) of any user, customer, or commenter by supplying their email address.

CVE-2026-11869wordpresswp-dsgvo-toolsgdprinformation-disclosure

Updated Jul 10, 2026

mediumEPSS 0.004

GamiPress WordPress Plugin Activity Log IDOR Vulnerability

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view private GamiPress activity log entries belonging to any user, including badge earnings, points balance changes, and event records from integrated plugins such as WooCommerce, LearnDash, and BuddyPress. This is exploitable by any unauthenticated visitor because the required 'gamipress' nonce is broadcast to all front-end users via wp_localize_script on the wp_enqueue_scripts hook, making the sole authentication barrier trivially bypassable.

CVE-2026-13450wordpressgamipressidorinformation-disclosure

Updated Jul 10, 2026

mediumEPSS 0.002

Nozomi Guardian SSH Keys Synchronization Missing Authentication Vulnerability

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

CVE-2026-31983nozomi-networksguardiansshmissing-authentication

Updated Jul 10, 2026

mediumEPSS 0.003

Token of Trust WordPress Plugin WooCommerce Donation Data Exposure Vulnerability

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handle_export_table() function being registered on the WordPress 'init' hook, which fires for all requests, including those from unauthenticated visitors, without any capability check. This makes it possible for unauthenticated attackers to download a CSV file containing sensitive WooCommerce donation data, including order dates, order IDs, charitable donation amounts, and admin-only order edit URLs, simply by visiting any page on the site with the 'tot_export_table' GET parameter set to a numeric value (0–3).

CVE-2026-7558wordpresswoocommercetoken-of-trustinformation-disclosure

Updated Jul 10, 2026

mediumEPSS 0.003

Backup and Staging by WP Time Capsule SQL Backup Exposure Vulnerability

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve.

CVE-2026-8996wordpresswp-time-capsulebackupinformation-disclosure

Updated Jul 10, 2026

mediumEPSS 0.004

Hydra Booking WordPress Plugin Booking Details IDOR Vulnerability

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/{id} REST endpoint. This is due to the getBookingDetails() callback only enforcing the tfhb_manage_options capability via tfhb_manage_options_permission(), without verifying that the requested booking belongs to the currently authenticated host (the lookup in getBookingDetailsData() filters solely on the booking id supplied in the URL). This makes it possible for authenticated attackers, with Hydra Host-level access and above (a role created by the plugin which grants tfhb_manage_options), to view sensitive booking records belonging to other hosts, including attendee names, emails, phone numbers, addresses, meeting details, payment method and status, transaction history, and internal notes by iterating booking IDs.

CVE-2026-12433wordpresshydra-bookingidorinformation-disclosure

Updated Jul 10, 2026

mediumEPSS 0.004

Sayax OSOS Sensitive Information Authentication Bypass Vulnerability

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1365ososauthentication-bypassinformation-disclosureenergy

Updated Jul 10, 2026

mediumEPSS 0.002

HCL DevOps Deploy Permissive CORS Vulnerability

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

CVE-2026-56458hcl-devops-deploycorsinformation-disclosureweb-application

Updated Jul 10, 2026

mediumEPSS 0.002

HCL DevOps Deploy Sensitive Information in Logs Vulnerability

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user.

CVE-2026-56459hcl-devops-deployhcl-launchinformation-disclosurelogs

Updated Jul 10, 2026

mediumEPSS 0.004

HCL DevOps Deploy API Secrets Disclosure Vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

CVE-2026-56460hcl-devops-deployhcl-launchinformation-disclosuresecrets

Updated Jul 10, 2026

medium

Blocks for ACF Fields WordPress Plugin Unauthorized Data Access Vulnerability

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permission_callback only verifies the generic publish_posts capability and the handler passes a user-supplied id parameter directly to get_field_objects() without verifying that the requesting user is authorized to read the target object. This makes it possible for authenticated attackers, with Author-level access and above, to read ACF field values from arbitrary posts (including private posts, drafts, posts by other users, and other ACF-supported objects) that they should not have access to.

CVE-2026-12428wordpressblocks-for-acf-fieldsacfinformation-disclosure

Updated Jul 10, 2026