CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
We have discovered 2,057 live websites that are affected by CWE-798.
CVEs
- Count - 5
CWE References
Website Distribution by Country
Number of websites using CWE-798 United States | 603 websites |
 Germany | 185 websites |
 GB | 106 websites |
 Russia | 104 websites |
 France | 101 websites |
 Netherlands | 99 websites |
 Poland | 64 websites |
 Australia | 55 websites |
 Japan | 55 websites |
 Canada | 55 websites |
Website Distribution by TLD
Number of websites using CWE-798| .com | 795 websites |
| .org | 103 websites |
| .de | 103 websites |
| .ru | 92 websites |
| .co.uk | 69 websites |
| .nl | 60 websites |
| .com.au | 58 websites |
| .fr | 52 websites |
| .eu | 49 websites |
| .pl | 48 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-798| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Sep, 2025 | CVE-2025-58659 | WordPress Helpie FAQ Plugin <= 1.39 - Sensitive Data Exposure Vulnerability | 1,988 |
| Sep, 2025 | CVE-2025-8570 | BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter | 1 |
| Sep, 2025 | CVE-2025-55739 | api: Shared OAuth Signing Key Between Different Instances | 2 |
| Aug, 2024 | CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | 34 |
| May, 2020 | CVE-2020-5248 | Public GLPIKEY can be used to decrypt any data in GLPI | 32 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-798| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Sep, 2025 | CVE-2025-58659 | WordPress Helpie FAQ Plugin <= 1.39 - Sensitive Data Exposure Vulnerability | 1,988 |
| Aug, 2024 | CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | 34 |
| May, 2020 | CVE-2020-5248 | Public GLPIKEY can be used to decrypt any data in GLPI | 32 |
| Sep, 2025 | CVE-2025-55739 | api: Shared OAuth Signing Key Between Different Instances | 2 |
| Sep, 2025 | CVE-2025-8570 | BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter | 1 |
Websites affected by CWE-798
Top websites that are affected by CWE-798. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| *******************.com | United States | **,*** | |
| **********.com |  Iceland | ***,*** | |
| *******.nl | United States | ***,*** | |
| *******.com | United States | ***,*** | |
| ********.com |  Lithuania | ***,*** | |
| *****.it |  Italy | ***,*** | |
| ***.dk |  Denmark | ***,*** | |
| ***********.jp | Japan | ***,*** |