CVE-2025-62955

2025-12-21

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 21, 2025 - 21:15 (nvd)

Description (NVD)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data. This issue affects TempTool [Show Current Template Info]: from n/a through <= 1.3.1.

Analysis (AI)

HappyDevs TempTool plugin for WordPress exposes sensitive system information through an information disclosure vulnerability affecting versions up to 1.3.1. The vulnerability allows unauthorized parties to retrieve embedded sensitive data by exploiting improper access controls, specifically in the [Show Current Template Info] functionality. With an EPSS score of 0.04% and no CVSS vector assigned, exploitation likelihood is low, though the information disclosed could inform secondary attacks.

Technical Context (AI)

This vulnerability stems from CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), which describes cases where sensitive data intended for privileged users is accessible to unauthorized parties due to insufficient access controls. The HappyDevs TempTool WordPress plugin, specifically its [Show Current Template Info] feature, fails to properly restrict access to template metadata and system information. The plugin likely exposes configuration details, template names, or server environment data through inadequate permission checks or direct information leakage in plugin outputs, allowing unauthenticated or low-privileged users to enumerate system details.

Affected Products (AI)

HappyDevs TempTool WordPress plugin versions 1.3.1 and earlier are affected. The plugin is identified through the CPE context as a WordPress plugin offering template information display functionality. Detailed version ranges below 1.3.1 are not specified in available data, but the vendor advisory at patchstack.com/database indicates the entire released version history up to and including 1.3.1 is vulnerable.

Remediation (AI)

Update HappyDevs TempTool to the latest patched version above 1.3.1 immediately. No specific fixed version is confirmed in the provided data; consult the vendor's WordPress.org plugin repository or the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/current-template-name/vulnerability/wordpress-temptool-show-current-template-info-plugin-1-3-1-sensitive-data-exposure-vulnerability?_s_id=cve for the exact patched release. If immediate patching is unavailable, consider disabling the [Show Current Template Info] feature or restricting plugin functionality through access controls until an update is released. Review server access logs to determine if the vulnerability has been exploited in your environment.
