2 matches found
CVE-2025-12747
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747
The CVE-2025-12747 entry describes an information exposure in the WordPress Tainacan plugin up to version 1.0.0, where private-uploaded files are exposed in wp-content and readable by unauthenticated users. Connected sources confirm the issue and indicate a fix was introduced (e.g., GitHub diff 1...