Skip to main content

Formlayer

1 CVEs product

Monthly

CVE-2026-59519 MEDIUM This Month

Sensitive data exposure in Softaculous FormLayer WordPress plugin through version 1.0.6 allows remote unauthenticated attackers to retrieve embedded sensitive information from data transmitted by the plugin. The root cause (CWE-201) indicates the plugin inserts sensitive content - potentially API keys, tokens, or internal configuration - into outbound data visible to requesting clients. No public exploit code and no active exploitation have been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote accessibility.

Information Disclosure Formlayer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Sensitive data exposure in Softaculous FormLayer WordPress plugin through version 1.0.6 allows remote unauthenticated attackers to retrieve embedded sensitive information from data transmitted by the plugin. The root cause (CWE-201) indicates the plugin inserts sensitive content - potentially API keys, tokens, or internal configuration - into outbound data visible to requesting clients. No public exploit code and no active exploitation have been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote accessibility.

Information Disclosure Formlayer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy