Sensitive Information Exposure in ShareThis Dashboard for Google Analytics Plugin
CVE-2025-12540

4.7 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 7 January 2026

What is CVE-2025-12540?

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to sensitive information exposure. In all versions up to and including 3.2.4, the plugin stores the credentials client_ID and client_secret in plaintext within its openly accessible source code. Unauthenticated attackers can exploit this by creating links to the sharethis.com server. If a logged-in administrator inadvertently clicks such a link, an authorization token for Google Analytics may be shared with a malicious third-party site, potentially leading to unauthorized access to sensitive analytics data.

Affected Version(s)

ShareThis Dashboard for Google Analytics * <= 3.2.4

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ifoundbug