Description
A known password was found in an HTTP response. Because the password was not submitted in the HTTP request that initiated the response, it was likely stored on the server, or a connected system, in an insecure manner.
Remediation
Store passwords in a way that prevents attackers from accessing them, even if attackers manage to gain access to the credential storage or representation.
References
OWASP: Password Plaintext Storage
Password Storage · OWASP Cheat Sheet Series
CWE - CWE-312: Cleartext Storage of Sensitive Information (4.0)