CVE-2025-12139

Description

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for unauthenticated attackers to extract sensitive data including Google OAuth credentials (client_id and client_secret) and Google account email addresses.

PUBLISHED Reserved 2025-10-23 | Published 2025-11-05 | Updated 2025-11-05 | Assigner Wordfence

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Timeline

Credits

ifoundbug finder

References

www.wordfence.com/...-3a4a-4a21-af0f-3ade81382605?source=cve

plugins.trac.wordpress.org/...5.3/includes/class-enqueue.php

plugins.trac.wordpress.org/...5.3/includes/class-enqueue.php

plugins.trac.wordpress.org/...5.3/includes/class-enqueue.php

plugins.trac.wordpress.org/...3387825/integrate-google-drive

cve.org (CVE-2025-12139)

nvd.nist.gov (CVE-2025-12139)

Download JSON