{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12521", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-30T16:34:15.561Z", "datePublished": "2025-10-31T13:48:35.882Z", "dateUpdated": "2025-11-03T14:22:19.957Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-31T13:48:35.882Z"}, "affected": [{"vendor": "Analytify", "product": "Analytify Pro", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "7.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability."}], "title": "Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve"}, {"url": "https://analytify.io/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "WPBrigade Support"}], "timeline": [{"time": "2025-10-30T16:49:46.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-30T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-03T14:22:15.784408Z", "id": "CVE-2025-12521", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-03T14:22:19.957Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12521", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-03T14:22:15.784408Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T17:49:12.024Z"}}], "cna": {"title": "Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "WPBrigade Support"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "Analytify", "product": "Analytify Pro", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.0.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-30T16:49:46.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-30T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve"}, {"url": "https://analytify.io/"}], "descriptions": [{"lang": "en", "value": "The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-31T13:48:35.882Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12521", "state": "PUBLISHED", "dateUpdated": "2025-11-03T14:22:19.957Z", "dateReserved": "2025-10-30T16:34:15.561Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-31T13:48:35.882Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability."}], "id": "CVE-2025-12521", "lastModified": "2025-11-04T15:41:31.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-10-31T14:16:12.487", "references": [{"source": "security@wordfence.com", "url": "https://analytify.io/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"created": "2025-11-03T10:43:56.165398+00:00", "updated": "2025-11-03T10:43:56.165423+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}