{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12010", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-21T12:38:07.051Z", "datePublished": "2025-11-11T03:30:38.901Z", "dateUpdated": "2026-04-08T16:52:33.327Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:52:33.327Z"}, "affected": [{"vendor": "wpkube", "product": "Authors List", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.6.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to call methods such as get_meta to extract sensitive user data including password hashes, email addresses, usernames, and activation keys via specially crafted shortcode attributes"}], "title": "Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5189c1c0-2d4c-47f5-b8d9-3192a670e586?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L868"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L852"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.2/includes/class-authors-list-shortcode.php#L868"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "kai"}], "timeline": [{"time": "2025-10-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-11-10T15:24:36.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T16:08:48.563988Z", "id": "CVE-2025-12010", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T20:07:34.671Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T16:08:48.563988Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T16:08:50.349Z"}}], "cna": {"title": "Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "kai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "wpkube", "product": "Authors List", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.6.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-11-10T15:24:36.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5189c1c0-2d4c-47f5-b8d9-3192a670e586?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L868"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L852"}, {"url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.2/includes/class-authors-list-shortcode.php#L868"}], "descriptions": [{"lang": "en", "value": "The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to call methods such as get_meta to extract sensitive user data including password hashes, email addresses, usernames, and activation keys via specially crafted shortcode attributes"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:52:33.327Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12010", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:52:33.327Z", "dateReserved": "2025-10-21T12:38:07.051Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-11T03:30:38.901Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to call methods such as get_meta to extract sensitive user data including password hashes, email addresses, usernames, and activation keys via specially crafted shortcode attributes"}], "id": "CVE-2025-12010", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-11T04:15:45.630", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L852"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.1/includes/class-authors-list-shortcode.php#L868"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.6.2/includes/class-authors-list-shortcode.php#L868"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5189c1c0-2d4c-47f5-b8d9-3192a670e586?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:52:52.558030+00:00", "value": {"mitigation_remediation": ["Upgrade the Authors List plugin to version 2.0.6.2 or later, which contains the fix for the method-call vulnerability.", "If an upgrade cannot be performed immediately, restrict the execution of the authors-list shortcode to users with Administrator role only, or disable the shortcode for Contributor and higher roles using a role-management plugin or a small custom filter.", "As a temporary protection, remove or replace the Authors List plugin from sites that must remain on older versions and cannot enforce role restrictions, thereby eliminating the vulnerable code path."], "summary": {"action": "Immediate Patch", "impact": "Sensitive data exposure due to exposed user metadata"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Authors List plugin, targeting any release up to and including version 2.0.6.1. Versions prior to 2.0.6.2 are affected; 2.0.6.2 and later include the fix.", "description_and_impact": "The Authors List\u00a0plugin for WordPress allows an authenticated attacker with Contributor or higher privileges to craft a shortcode that invokes a private method of the Authors_List_Shortcode class. This method call can retrieve sensitive user information, including password hashes, email addresses, usernames, and activation keys. The flaw is a classic Sensitive Data Exposure bug (CWE\u2011200) that does not compromise the system itself but leaking information that could be used for credential stuffing or further exploitation.", "risk_and_exploitability": "The CVSS score of 6.5 reflects a moderate severity. The EPSS score is below 1%, indicating a very low but non\u2011zero probability of exploitation in the wild, and the vulnerability is not yet listed in CISA\u2019s KEV catalog. An attacker must be authenticated with Contributor or higher permissions, craft a malicious shortcode payload, and embed it in a post or page to trigger the vulnerable method. Once executed, the attacker can harvest private user metadata."}}}}, "created": "2025-11-12T12:48:01.341696+00:00", "updated": "2026-04-22T13:00:09.730649+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpkube", "wpkube$PRODUCT$authors_list"]}