WordPress g-FFL Cockpit plugin <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Ryan Kozak in WordPress Plugin g-FFL Cockpit versions = 1.7.1...

CVE-2025-12720

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-12721

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...

CVE-2025-12720

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-12721 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...

CVE-2025-12721

The CVE-2025-12721 entry concerns the WordPress plugin g-FFL Cockpit (versions up to 1.7.1). Public docs indicate a Missing Authorization to Unauthenticated Information Exposure via the /server_status REST endpoint, allowing unauthenticated attackers to extract server information. Connected sourc...

WordPress plugin g-FFL Cockpit 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... An authorization...

PT-2025-49337

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the...

WordPress plugin g-FFL Cockpit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...