CVE-2025-12061HIGH 8.6EPSS p4.7%

CVE-2025-12061CVE-2025-12061

Description

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Scoring

CVSS 3.18.6 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS0.15% probability of exploitation · percentile 4.7% · 2026-06-18T12:00:27Z
Published2025-11-26
Last modified2026-04-15

Underlying weaknesses· 2

CWE-352CWE-862

References

  1. https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/

2

TypeTargetConfidenceTier
WeaknessCross-Site Request Forgery (CSRF)cwe-3520%live
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-4578
CVE
CVE-2025-9697
CVE
CVE-2025-9587
CVE
CVE-2025-14124
CVE
CVE-2026-3326
CVE
CVE-2025-12879
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.