CVE-2025-12139 Scanner
CVE-2025-12139 Scanner - Information Disclosure vulnerability in Integrate Google Drive
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
20 days 17 hours
Scan only one
URL
Toolbox
The Integrate Google Drive plugin is designed to seamlessly connect Google Drive with WordPress, enabling website owners to manage their Google Drive files directly from their WordPress dashboard. It's widely used by WordPress developers, content creators, and businesses to enhance file management capabilities on websites. This plugin facilitates easy backup, file embedding, and collaborative file editing. It is particularly valuable for businesses relying on Google Drive for document management, providing a comprehensive solution to access and share documents. By integrating with WordPress, it streamlines workflows and improves efficiency in managing documents and media files.
The Information Disclosure vulnerability in the Integrate Google Drive plugin arises due to improper protection of the get_localize_data function. This vulnerability allows unauthenticated attackers to extract sensitive information such as Google OAuth credentials and account email addresses. As a high-severity vulnerability, it poses significant risks to users relying on this plugin for managing their Google Drive files. The issue highlights the critical need for comprehensive security controls around sensitive data handling. Ensuring proper access control mechanisms can mitigate such vulnerabilities.
This vulnerability specifically targets the functionality within the get_localize_data function, which lacks adequate protection against unauthorized access. The vulnerable parameters include client IDs, client secrets, and account information, which are exposed due to improper handling of sensitive data. Attackers can exploit this weakness by making crafted requests to the plugin, retrieving confidential information that can lead to account compromise. The endpoint is susceptible when the plugin version is less than or equal to 1.5.3.
If exploited, the vulnerability allows unauthorized individuals to obtain Google OAuth credentials and email addresses associated with user accounts. This can facilitate further attacks, including phishing or account takeover, jeopardizing both user privacy and data integrity. Unauthorized access to these credentials can lead to significant security breaches, posing considerable risks to users relying on the plugin for managing Google Drive integrations. Users may experience data theft or unauthorized actions performed under their accounts.
REFERENCES
