WordPress Upload.am Arbitrary Option Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

CVE-2025-12630

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability

Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions 1.0.1...

EUVD-2025-200267

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630 Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630 Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630

CVE-2025-12630 affects the Upload.am WordPress plugin prior to version 1.0.1. The root cause is a missing capability check in the plugin’s AJAX request handler, enabling an attacker (e.g., a contributor) to disclose site options. The CVE description and connected sources consistently describe arb...