Medium severity5.3NVD Advisory· Published Nov 13, 2025· Updated Apr 15, 2026
CVE-2025-12681
CVE-2025-12681
Description
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP addresses, and email addresses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=3.1.0+ 1 more
- (no CPE)range: <=3.1.0
- (no CPE)range: <=3.1.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.