PT-2025-45088 · WordPress · File Manager For Google Drive – Integrate Google Drive With Wordpress

Ifoundbug

Published

2025-11-05

Updated

2025-12-24

CVE-2025-12139

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions File Manager for Google Drive – Integrate Google Drive with WordPress versions prior to 1.5.4

Description The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress has a flaw that allows unauthenticated attackers to extract sensitive data. This includes Google OAuth credentials (client id and client secret) and Google account email addresses. The issue is due to the "get localize data" function.

Recommendations Update File Manager for Google Drive – Integrate Google Drive with WordPress to a version later than 1.5.3.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-12139

Affected Products

File Manager For Google Drive – Integrate Google Drive With Wordpress

PT-2025-45088 · WordPress · File Manager For Google Drive – Integrate Google Drive With Wordpress

CVE-2025-12139

Weakness Enumeration

Related Identifiers

Affected Products

References · 12