CVE-2025-12139 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) found in the WordPress plugin 'File Manager for Google Drive – Integrate Google Drive' developed by princeahmed. This plugin facilitates integration between WordPress sites and Google Drive, allowing file management through the WordPress interface. The vulnerability exists in all versions up to and including 1.5.3 within the 'get_localize_data' function. This function improperly exposes sensitive data without requiring authentication, enabling any remote attacker to retrieve critical Google OAuth credentials such as client_id and client_secret, as well as Google account email addresses associated with the plugin configuration. These credentials are intended to be confidential as they allow OAuth-based access to Google Drive resources. The vulnerability is remotely exploitable over the network without any user interaction or privileges, making it highly accessible to attackers. The exposure of OAuth credentials can lead to unauthorized access to connected Google Drive accounts, potentially resulting in data theft, manipulation, or further compromise of organizational resources. Although no public exploits have been reported yet, the potential for abuse is significant due to the nature of the data exposed and the ease of exploitation. The CVSS v3.1 base score is 7.5, reflecting high confidentiality impact, no impact on integrity or availability, and no requirements for authentication or user interaction. The vulnerability was published on November 5, 2025, and no patches or fixes are currently linked, indicating the need for urgent attention from users of the plugin.

For European organizations, the exposure of Google OAuth credentials can have severe consequences. Unauthorized actors gaining access to these credentials can impersonate the organization’s WordPress plugin to access Google Drive files, potentially leading to data breaches involving sensitive corporate documents, intellectual property, or personal data protected under GDPR. This can result in regulatory penalties, reputational damage, and operational disruptions. Since the vulnerability does not require authentication, attackers can exploit it at scale, increasing the risk of widespread compromise. Organizations relying heavily on Google Drive integration for collaboration and document management are particularly vulnerable. The confidentiality breach could also facilitate further attacks, such as phishing or lateral movement within the organization’s IT environment. The absence of known exploits in the wild provides a window for mitigation, but the high severity score underscores the urgency for European entities to act promptly.

1. Immediately audit WordPress sites for the presence of the 'File Manager for Google Drive – Integrate Google Drive' plugin and identify affected versions (up to 1.5.3). 2. Disable or uninstall the plugin until a security patch or updated version is released by the vendor. 3. Monitor official channels from the plugin developer and WordPress security advisories for patch releases and apply updates promptly. 4. Rotate Google OAuth credentials (client_id and client_secret) associated with the plugin to invalidate any potentially compromised tokens. 5. Implement strict access controls and monitoring on Google Drive accounts linked to the plugin to detect unauthorized access attempts. 6. Employ web application firewalls (WAF) with custom rules to block suspicious requests targeting the 'get_localize_data' function or related endpoints. 7. Educate site administrators on the risks of using outdated or untrusted plugins and encourage regular security assessments. 8. Consider alternative, more secure plugins or integration methods that follow best security practices for OAuth credential handling.