CVE-2025-12139
Published: 2025-11-05
Priority: P260 | Severity: high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.21% (80.4th percentile)
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for unauthenticated attackers to extract sensitive data including Google OAuth credentials (client_id and client_secret) and Google account email addresses.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| princeahmed | file_manager_for_google_drive_integrate_google_drive | <= 1.5.3 | — |
Detection & IOCs (extracted from sources)

yara

```
contains(body, "var igd") AND regex("\"clientSecret\":\"[^\"]+\"", body) OR regex("\"accounts\":\"[A-Za-z0-9+/=]{20,}\"", body)
```

sigma

```yaml
detection:
  keywords:
    - '"clientSecret":"'
    - '"clientID":"'
    - '"accounts":"'
  condition: keywords
```

- Unauthenticated HTTP GET to the WordPress site root; a vulnerable response will contain the JavaScript variable 'var igd' in the body, exposing Google OAuth credentials (clientID, clientSecret) and base64-encoded account data (accounts) inline in the page source.
- Presence of the plugin directory path '/wp-content/plugins/integrate-google-drive' in web server logs or HTTP responses can be used to fingerprint vulnerable installations.
- The vulnerable function 'get_localize_data' leaks Google OAuth client_id, client_secret, and account email addresses to unauthenticated users; monitor for responses containing JSON keys 'clientID', 'clientSecret', or 'accounts' in WordPress page output.
- Regex pattern '"clientSecret":"[^"]+"' in HTTP response body is a reliable indicator of active credential exposure from this vulnerability.
- Regex pattern '"accounts":"[A-Za-z0-9+/=]{20,}"' in HTTP response body indicates base64-encoded Google account data is being leaked.
- The vulnerability affects all versions up to and including 1.5.3 of the 'File Manager for Google Drive – Integrate Google Drive with WordPress' plugin; versions beyond 1.5.3 are not confirmed vulnerable.
- Exploitation requires no authentication whatsoever — a single unauthenticated GET request to the site root is sufficient to trigger credential disclosure if the plugin is installed and active.
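
The indicators above can be combined into a single check over a saved response body from a site you operate. This is an added example, not code from the plugin or from the sources cited here; the function names, the redaction step, the grouping of the conditions as `var igd` AND (clientSecret OR accounts), and both sample bodies are assumptions made for illustration.

```python
import re

# Indicators as listed on this page.
PLUGIN_PATH = "/wp-content/plugins/integrate-google-drive"
PATTERNS = {
    "clientID": re.compile(r'"clientID":"([^"]+)"'),
    "clientSecret": re.compile(r'"clientSecret":"([^"]+)"'),
    "accounts": re.compile(r'"accounts":"([A-Za-z0-9+/=]{20,})"'),
}

def redact(value, keep=4):
    """Keep a short prefix so a finding can be tied to a credential without copying it."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def audit_body(body):
    """Classify one HTTP response body fetched from a site you operate."""
    leaked = {}
    for key, rx in PATTERNS.items():
        match = rx.search(body)
        if match:
            leaked[key] = redact(match.group(1))  # never store the raw value
    has_igd = "var igd" in body
    return {
        "plugin_present": PLUGIN_PATH in body,
        "igd_object": has_igd,
        "leaked": leaked,
        # Assumed grouping: igd AND (clientSecret OR accounts).
        "exposed": has_igd and ("clientSecret" in leaked or "accounts" in leaked),
    }

# Constructed sample bodies (hypothetical values, not captured from any real site).
SAMPLE_EXPOSED = (
    '<script src="https://example.test/wp-content/plugins/integrate-google-drive/placeholder.js"></script>\n'
    '<script>var igd = {"clientID":"0000-constructed.apps.example",'
    '"clientSecret":"CONSTRUCTED-SECRET-VALUE",'
    '"accounts":"QUJDREVGR0hJSktMTU5PUFFSU1RVVg=="};</script>'
)
SAMPLE_CLEAN = (
    '<script src="https://example.test/wp-content/plugins/integrate-google-drive/placeholder.js"></script>\n'
    '<script>var igd = {"constructedKey":"no credentials here"};</script>'
)

if __name__ == "__main__":
    for name, body in (("exposed", SAMPLE_EXPOSED), ("clean", SAMPLE_CLEAN)):
        print(name, audit_body(body))
```

If `exposed` is true for a production page, treat the OAuth client secret as compromised and rotate it in addition to updating the plugin.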
Nuclei
CVE-2025-12139 [HIGH] Integrate Google Drive <= 1.5.3 - Information Disclosure (nuclei, CVSS 7.5)
File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress <= 1.5.3 contains a sensitive information exposure caused by improper protection of the get_localize_data function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses. Exploitation requires no authentication.
Template:
```yaml
id: CVE-2025-12139

info:
  name: Integrate Google Drive <= 1.5.3 - Information Disclosure
  author: Meysam Bal-afkan
  severity: high
  description: |
    File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress <= 1.5.3 contains sensitive information exposure caused by improper protection of the get_localize_data function, letting unauthenticated attackers extract Go
```
- https://plugins.trac.wordpress.org/browser/integrate-google-drive/tags/1.5.3/includes/class-enqueue.php#L232
- https://plugins.trac.wordpress.org/browser/integrate-google-drive/tags/1.5.3/includes/class-enqueue.php#L243
- https://plugins.trac.wordpress.org/browser/integrate-google-drive/tags/1.5.3/includes/class-enqueue.php#L88
- https://plugins.trac.wordpress.org/changeset/3387825/integrate-google-drive
- https://www.wordfence.com/threat-intel/vulnerabilities/id/607073ad-3a4a-4a21-af0f-3ade81382605?source=cve