Description

This secure (https) page contains a form that is posting to an insecure (http) page. This could confuse users who may think their data is encrypted when in fact it's not.

Remediation

The form target should point to a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet

CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

Mercurial repository found

WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)

WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Sensitive Data Not Over Ssl