CVE-2025-27001

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-201
View all →

Vulnerability Description

Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for WooCommerce: from n/a through 5.0.3.

Related Vulnerabilities

CVE-2017-2582

MEDIUM
CVSS:6.5(Medium)

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an at...

CWE-2012017

CVE-2019-15580

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head ...

CWE-2012019

CVE-2020-27748

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbi...

CWE-2012020

CVE-2022-0018

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when ...

CWE-2012022

CVE-2022-27671

MEDIUM
CVSS:6.5(Medium)

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

CWE-2012022

CVE-2023-28117

MEDIUM
CVSS:6.5(Medium)

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is ...

CWE-2012023