CVE-2025-12139 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) found in the WordPress plugin 'File Manager for Google Drive – Integrate Google Drive' developed by princeahmed. This plugin facilitates integration between WordPress sites and Google Drive, allowing file management through the WordPress interface. The vulnerability resides in the 'get_localize_data' function, which improperly exposes sensitive data without requiring authentication. Specifically, attackers can extract Google OAuth credentials, including the client_id and client_secret, as well as Google account email addresses associated with the plugin's configuration. These credentials are critical because they enable OAuth-based access to Google Drive APIs, potentially allowing attackers to impersonate the legitimate application and access or manipulate stored files. The vulnerability affects all plugin versions up to and including 1.5.3. The CVSS v3.1 score is 7.5 (high), reflecting the ease of exploitation (network vector, no privileges or user interaction needed) and the high confidentiality impact, while integrity and availability remain unaffected. No patches were linked at the time of publication, and no known exploits have been reported in the wild. However, the exposure of OAuth credentials poses a significant risk of unauthorized data access and potential lateral movement within affected environments. Organizations relying on this plugin should consider the risk of credential compromise and the potential for attackers to leverage these credentials to access sensitive Google Drive data.

For European organizations, the exposure of Google OAuth credentials can lead to unauthorized access to corporate Google Drive accounts, resulting in data leakage, intellectual property theft, and potential compliance violations under GDPR due to unauthorized data disclosure. The confidentiality breach could extend to sensitive business documents, employee data, and client information stored in Google Drive. Since the vulnerability requires no authentication and can be exploited remotely, attackers can target vulnerable WordPress sites at scale. This could also facilitate further attacks such as phishing or lateral movement if attackers use the stolen credentials to escalate privileges or access other connected services. The impact is particularly severe for organizations heavily reliant on Google Workspace and integrated cloud services. Additionally, reputational damage and regulatory penalties could arise from failure to protect sensitive credentials and data. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score indicates urgent attention is necessary.

1. Immediately monitor for updates from the plugin vendor and apply patches as soon as they become available. 2. If patches are not yet released, consider temporarily disabling the plugin or removing it from production environments to prevent exploitation. 3. Audit and rotate Google OAuth credentials (client_id and client_secret) associated with the plugin to invalidate any potentially compromised tokens. 4. Implement strict access controls on WordPress admin areas and limit plugin usage to trusted administrators. 5. Employ web application firewalls (WAFs) to detect and block suspicious requests targeting the 'get_localize_data' function or related endpoints. 6. Conduct regular security assessments and vulnerability scans on WordPress installations to identify outdated or vulnerable plugins. 7. Educate administrators on the risks of exposing OAuth credentials and enforce secure coding and configuration practices. 8. Monitor Google Workspace logs for unusual access patterns or unauthorized API calls that could indicate credential misuse. 9. Consider isolating Google Drive integrations to minimize the blast radius if credentials are compromised. 10. Maintain an incident response plan to quickly address any detected exploitation attempts.