CVE Alert: CVE-2025-12139 – princeahmed – File Manager for Google Drive – Integrate Google Drive

CVE-2025-12139

HIGH
No exploitation known

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for unauthenticated attackers to extract sensitive data including Google OAuth credentials (client_id and client_secret) and Google account email addresses.

CVSS v3.1 (7.5)
Vendor
princeahmed
Product
File Manager for Google Drive – Integrate Google Drive
Versions
* ≤ 1.5.3
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published
2025-11-05T06:35:00.585Z
Updated
2025-11-05T06:35:00.585Z

AI Summary Analysis

Risk verdict

High risk: unauthenticated, remote exposure of Google OAuth credentials and account emails via a vulnerable WordPress plugin; patching should be treated as a priority when a fix is released.

Why this matters

Attackers can harvest the client_id, client_secret and user email addresses, enabling OAuth abuse, account targeting, or phishing campaigns against affected organisations. Compromised credentials could be used to access Google APIs or impersonate the legitimate application, raising data breach and compliance risks for sites with Google Drive integrations.

Most likely attack path

The vulnerability permits unauthenticated access over the network to sensitive data via the get_localize_data function. No user interaction or privileges are required, so any publicly reachable WordPress site with the plugin installed is exposed. Once credentials are obtained, an attacker could pivot to related Google services or use exposed emails for credential stuffing or targeted phishing.

Who is most exposed

Likely exposed on self-hosted WordPress sites using the affected plugin, especially smaller organisations with delayed patching and less strict access controls. Sites that use Google Drive integration and publish sensitive data are at greater risk.

Detection ideas

  • Unauthenticated requests to plugin endpoints returning credentials or emails.
  • Unusual spikes in data egress from WordPress hosts to Google services.
  • Logs showing attempts to access get_localize_data or similar functions without authentication.
  • Credential exposure patterns in web server or application logs.
  • Reports of OAuth client_id/client_secret appearing in responses or logs.
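As an added defensive self-check (not part of this alert and not the plugin's own code): assuming, as the function name suggests, that get_localize_data builds the object handed to wp_localize_script and inlined into page HTML as `var X = {...};`, the script below audits a captured response body for localized objects that carry keys matching the exposed data types. The HTML sample is constructed for illustration and is not real plugin output.

```python
import json
import re

# Constructed sample of a wp_localize_script()-style inline block in which a plugin
# serialises its whole settings array for the browser (hypothetical, not the plugin's output).
SAMPLE_HTML = """<html><head>
<script id="example-js-extra">
var exampleFileManager = {"ajax_url":"https:\\/\\/example.test\\/wp-admin\\/admin-ajax.php","nonce":"abc123","client_id":"1234.apps.googleusercontent.com","client_secret":"EXAMPLE-SECRET","account":{"email":"owner@example.test"}};
</script>
<script>var other = {"safe":"value"};</script>
</head><body></body></html>"""

# Key names that should never reach an unauthenticated visitor's browser.
SENSITIVE_KEYS = re.compile(r"(client_secret|client_id|refresh_token|access_token|email)", re.I)

# Matches the `var name = {...};` shape that wp_localize_script() emits.
LOCALIZE_RE = re.compile(r"var\s+(\w+)\s*=\s*(\{.*?\});", re.S)


def extract_localized_objects(html):
    """Return {js_var_name: dict} for each inline 'var X = {...};' JSON object."""
    found = {}
    for name, body in LOCALIZE_RE.findall(html):
        try:
            found[name] = json.loads(body)
        except json.JSONDecodeError:
            continue  # not plain JSON (e.g. real JS code); skip it
    return found


def find_sensitive_paths(obj, prefix=""):
    """Walk nested dicts/lists and return dotted paths whose key looks sensitive."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if SENSITIVE_KEYS.search(key):
                hits.append(path)
            hits.extend(find_sensitive_paths(value, path))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_sensitive_paths(value, f"{prefix}[{i}]"))
    return hits


def audit_response(html):
    """Return {js_var: [paths]} for every localized object that leaks sensitive keys."""
    report = {}
    for name, obj in extract_localized_objects(html).items():
        paths = find_sensitive_paths(obj)
        if paths:
            report[name] = paths
    return report


if __name__ == "__main__":
    for var, paths in audit_response(SAMPLE_HTML).items():
        print(f"{var}: {', '.join(paths)}")
```

Run it against a saved copy of your own site's front-end HTML before and after patching to confirm the secrets are no longer serialised into the page.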

Mitigation and prioritisation

  • Apply fix or upgrade to non-vulnerable version immediately; if unavailable, disable or uninstall the plugin.
  • Implement WAF rules to block unauthenticated access to plugin endpoints; restrict access by IP or require authentication.
  • Rotate Google OAuth client_id and client_secret after patching, and review connected Google accounts.
  • Enhance monitoring and alerting around unauthenticated data access and OAuth-related activity.
  • Schedule patching as a priority, with a clear change window and rollback plan. If KEV or EPSS signals were present, elevate to priority 1.
