Sensitive Information Exposure in File Manager for Google Drive Plugin by WordPress
CVE-2025-12139

7.5HIGH

Key Information:

Vendor: WordPress
Status: File Manager For Google Drive – Integrate Google Drive
Vendor: CVE Published:; 5 November 2025

What is CVE-2025-12139?

The File Manager for Google Drive plugin for WordPress presents a vulnerability where unauthenticated attackers can exploit the 'get_localize_data' function. This issue affects all versions up to and including 1.5.3, allowing malicious actors to retrieve sensitive user data, including Google OAuth credentials (client_id and client_secret) and associated email addresses. Such exposure can lead to unauthorized account access and significant security breaches, necessitating immediate attention from users to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

File Manager for Google Drive – Integrate Google Drive * <= 1.5.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/integrate-goog...

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 5, 2025
Vulnerability Reserved
Oct 23, 2025

Credit

ifoundbug

JSON

WordPress

What is CVE-2025-12139?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.