CVE-2025-12010

Name of the Vulnerable Software and Affected Versions Authors List plugin for WordPress versions prior to 2.0.6.2

Description The Authors List plugin for WordPress is susceptible to sensitive information exposure. Authenticated attackers with Contributor-level access or higher can exploit this issue by calling methods, such as get meta, through specially crafted shortcode attributes. This allows extraction of sensitive user data, including password hashes, email addresses, usernames, and activation keys. The vulnerability stems from an arbitrary method call within the Authors List Shortcode class.

Recommendations Update the Authors List plugin to version 2.0.6.2 or later.