PT-2025-45088 · WordPress · File Manager For Google Drive – Integrate Google Drive With Wordpress

Ifoundbug

Publicado

2025-11-05

Atualizado

2025-12-24

CVE-2025-12139

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions File Manager for Google Drive – Integrate Google Drive with WordPress versions prior to 1.5.4

Description The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress has a flaw that allows unauthenticated attackers to extract sensitive data. This includes Google OAuth credentials (client id and client secret) and Google account email addresses. The issue is due to the "get localize data" function.

Recommendations Update File Manager for Google Drive – Integrate Google Drive with WordPress to a version later than 1.5.3.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2025-12139

Produtos afetados

File Manager For Google Drive – Integrate Google Drive With Wordpress

PT-2025-45088 · WordPress · File Manager For Google Drive – Integrate Google Drive With Wordpress

CVE-2025-12139

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12