CVE-2025-12061

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
WPScanCNA
---
---
CISA-ADPADP
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/