Description
The __VIEWSTATE parameter is not encrypted for one or more pages. To reduce the chance of someone intercepting the information stored in the ViewState, it is good design to encrypt the ViewState.
Remediation
Turn on the encryption mode for the view state. Consult web references for more information, taking into consideration ASP.NET version
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.26)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)
Adobe ColdFusion directory traversal
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39200)