Formlayer
Monthly
Sensitive data exposure in Softaculous FormLayer WordPress plugin through version 1.0.6 allows remote unauthenticated attackers to retrieve embedded sensitive information from data transmitted by the plugin. The root cause (CWE-201) indicates the plugin inserts sensitive content - potentially API keys, tokens, or internal configuration - into outbound data visible to requesting clients. No public exploit code and no active exploitation have been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote accessibility.
Sensitive data exposure in Softaculous FormLayer WordPress plugin through version 1.0.6 allows remote unauthenticated attackers to retrieve embedded sensitive information from data transmitted by the plugin. The root cause (CWE-201) indicates the plugin inserts sensitive content - potentially API keys, tokens, or internal configuration - into outbound data visible to requesting clients. No public exploit code and no active exploitation have been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote accessibility.