CVE-2025-12010
BaseFortify
Publication date: 2025-11-11
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | authors_list | 2.0.6.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Authors List plugin for WordPress allows authenticated users with Contributor-level access or higher to exploit an arbitrary method call in the Authors_List_Shortcode class. This enables them to extract sensitive user information such as password hashes, email addresses, usernames, and activation keys by using specially crafted shortcode attributes.
How can this vulnerability impact me? :
This vulnerability can lead to sensitive information exposure, allowing attackers with certain access levels to obtain confidential user data like password hashes and email addresses. This could result in unauthorized access, user impersonation, or further attacks on the affected WordPress site.