ByteOS Network

NVD Vulnerability Details :

CVE-2025-12721

Awaiting Analysis

Source-security@wordfence.com

Published At-06 Dec, 2025 | 06:15

Updated At-08 Apr, 2026 | 17:20

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-862	Secondary	security@wordfence.com

CWE ID: CWE-862

Type: Secondary

Source: security@wordfence.com

References

Hyperlink	Source	Resource
https://github.com/d0n601/CVE-2025-12721	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/g-ffl-cockpit/trunk/includes/class-sync-endpoint.php#L1385	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/changeset/3413768/	security@wordfence.com	N/A
https://ryankozak.com/posts/cve-2025-12721/	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd8c981-081c-4671-ad1e-3caf004669dd?source=cve	security@wordfence.com	N/A