CVE-2025-12721

Published December 6th, 2025

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.

d0n601/CVE-2025-12721

g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure

GitHub