Sensitive Information Exposure in File Manager for Google Drive Plugin by WordPress
CVE-2025-12139

7.5 HIGH

What is CVE-2025-12139?

The File Manager for Google Drive plugin for WordPress is vulnerable to sensitive information exposure through the 'get_localize_data' function in all versions up to and including 1.5.3. Unauthenticated attackers can retrieve sensitive user data, including Google OAuth credentials (client_id and client_secret) and associated email addresses. Such exposure can lead to unauthorized account access and significant security breaches, so users should secure their installations immediately.

Affected Version(s)

File Manager for Google Drive – Integrate Google Drive * <= 1.5.3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ifoundbug