CVE-2025-12061

high

Description

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not perform authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements.

References

https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/

Details

Source: Mitre, NVD

Published: 2025-11-26

Updated: 2025-11-26

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00011