Vulnerabilities

CVE-2025-12681

by Fred · 13/11/2025

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the ‘ajax_get_comment’ function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP addresses, and email addresses.

More information : https://plugins.trac.wordpress.org/browser/simple-comment-editing/trunk/includes/Ajax.php#L230

Similar

Tags: Cybersecurity Alert