CVE-2025-12061

Summary

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Affected Software

VendorProductVersion RangeStatus
UnknownTAX SERVICE Electronic HDM0 < 1.2.1affected

Weaknesses

  • CWE-862 Missing Authorization
  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References