How to fix CVE-2025-12721?

Within 30 days: Identify affected systems running for WordPress is vulnerable to Sensitive Information Exposur and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is WordPress affected by CVE-2025-12721?

Organizations using for WordPress is vulnerable to Sensitive Information Exposure in all should be aware of moderate risk from CVE-2025-12721, a missing authorization vulnerability rated CVSS 5.3. Attackers could gain access beyond their authorized level.

CVE-2025-12721

|

EUVD-2025-201533 MEDIUM

2025-12-06 [email protected]

Authentication Bypass WordPress Information Disclosure

5.3

CVSS 3.1

Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

2

EUVD ID Assigned

Mar 15, 2026 - 17:37 euvd

EUVD-2025-201533

CVE Published

Dec 06, 2025 - 06:15 nvd

MEDIUM 5.3

DescriptionNVD

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.

AnalysisAI

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.

Share

CVE-2025-12721 vulnerability details – vuln.today

Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy

CVE-2025-12721

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Share

External POC / Exploit Code