CVE-2025-12630 | THREATINT

Description

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options.

PUBLISHED Reserved 2025-11-03 | Published 2025-12-02 | Updated 2025-12-02 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

Any version before 1.0.1

affected

Credits

Beatriz Fresno Naumova (beafn28) finder

WPScan coordinator

References

wpscan.com/...rability/531537f1-5547-4b0f-9e11-3f8a0b2589f5/ exploit vdb-entry technical-description

cve.org (CVE-2025-12630)

nvd.nist.gov (CVE-2025-12630)

Download JSON