CVE-2025-12539: CWE-922 Insecure Storage of Sensitive Information in leopardhost TNC Toolbox: Web Performance
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.
AI Analysis
Technical Summary
CVE-2025-12539 is a critical vulnerability in the leopardhost TNC Toolbox: Web Performance WordPress plugin (versions up to 1.4.2) caused by insecure storage of sensitive information (cPanel API hostname, username, and API key) in files within the web-accessible wp-content directory. The vulnerable function "Tnc_Wp_Toolbox_Settings::save_settings" fails to adequately protect these credentials, allowing unauthenticated attackers to retrieve them. With these credentials, attackers can interact with the cPanel API to perform actions such as arbitrary file uploads and remote code execution, resulting in full compromise of the hosting environment.
Potential Impact
Exposure of cPanel API credentials can lead to complete compromise of the hosting environment, including unauthorized file uploads and remote code execution. The vulnerability has a CVSS 3.1 score of 10.0, indicating critical impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the wp-content directory and remove or secure any files storing cPanel API credentials. Consider disabling or uninstalling the plugin if possible to prevent exploitation.
CVE-2025-12539: CWE-922 Insecure Storage of Sensitive Information in leopardhost TNC Toolbox: Web Performance
Description
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-12539 is a critical vulnerability in the leopardhost TNC Toolbox: Web Performance WordPress plugin (versions up to 1.4.2) caused by insecure storage of sensitive information (cPanel API hostname, username, and API key) in files within the web-accessible wp-content directory. The vulnerable function "Tnc_Wp_Toolbox_Settings::save_settings" fails to adequately protect these credentials, allowing unauthenticated attackers to retrieve them. With these credentials, attackers can interact with the cPanel API to perform actions such as arbitrary file uploads and remote code execution, resulting in full compromise of the hosting environment.
Potential Impact
Exposure of cPanel API credentials can lead to complete compromise of the hosting environment, including unauthorized file uploads and remote code execution. The vulnerability has a CVSS 3.1 score of 10.0, indicating critical impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the wp-content directory and remove or secure any files storing cPanel API credentials. Consider disabling or uninstalling the plugin if possible to prevent exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-10-30T21:09:49.456Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69131c131c700d145d0c4ce1
Added to database: 11/11/2025, 11:20:51 AM
Last enriched: 4/9/2026, 9:00:26 PM
Last updated: 5/10/2026, 4:44:51 AM
Views: 225
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.