cbcvebase.
CVE-2025-12139
published 2025-11-05

CVE-2025-12139: The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions…

PriorityP260high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
2.21%
80.4th percentile
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for unauthenticated attackers to extract sensitive data including Google OAuth credentials (client_id and client_secret) and Google account email addresses.

Affected

1 ranges
VendorProductVersion rangeFixed in
princeahmedfile_manager_for_google_drive_integrate_google_drive<= 1.5.3

Detection & IOCsextracted from sources · hover to see the quote

path/wp-content/plugins/integrate-google-drive
othervar igd
yara
contains(body, "var igd") AND regex("\"clientSecret\":\"[^\"]+\"", body) OR regex("\"accounts\":\"[A-Za-z0-9+/=]{20,}\"", body)
sigma
detection: keywords: - '"clientSecret":"' - '"clientID":"' - '"accounts":"' condition: keywords
  • Unauthenticated HTTP GET to the WordPress site root; a vulnerable response will contain the JavaScript variable 'var igd' in the body, exposing Google OAuth credentials (clientID, clientSecret) and base64-encoded account data (accounts) inline in the page source.
  • Presence of the plugin directory path '/wp-content/plugins/integrate-google-drive' in web server logs or HTTP responses can be used to fingerprint vulnerable installations.
  • The vulnerable function 'get_localize_data' leaks Google OAuth client_id, client_secret, and account email addresses to unauthenticated users; monitor for responses containing JSON keys 'clientID', 'clientSecret', or 'accounts' in WordPress page output.
  • Regex pattern '"clientSecret":"[^"]+"' in HTTP response body is a reliable indicator of active credential exposure from this vulnerability.
  • Regex pattern '"accounts":"[A-Za-z0-9+/=]{20,}"' in HTTP response body indicates base64-encoded Google account data is being leaked.
  • ·The vulnerability affects all versions up to and including 1.5.3 of the 'File Manager for Google Drive – Integrate Google Drive with WordPress' plugin; versions beyond 1.5.3 are not confirmed vulnerable.
  • ·Exploitation requires no authentication whatsoever — a single unauthenticated GET request to the site root is sufficient to trigger credential disclosure if the plugin is installed and active.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.