Vulnerabilities

CVE-2025-12720

by Fred · 06/12/2025

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.

More information : https://github.com/d0n601/CVE-2025-12720

Similar

Tags: Cybersecurity Alert