High severity8.6NVD Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-12061

Description

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Affected products

WordPress/Tax Service Electronic Hdminferred
Range: <1.2.1
Package: https://wordpress.org/plugins/tax-service-electronic-hdm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/nvd

News mentions

No linked articles in our index yet.

cvss	0.559
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000