g-FFL Cockpit

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-12721	WordPress G Ffl Cockpit	Med	0.34	5.3	0.00		Dec 6, 2025	The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.
CVE-2025-12720	g-FFL g-FFL Cockpit	Med	0.34	5.3	0.00		Dec 6, 2025	The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.

CVE-2025-12721MedDec 6, 2025
WordPress
G Ffl Cockpit
risk 0.34cvss 5.3epss 0.00
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.
CVE-2025-12720MedDec 6, 2025
g-FFL
g-FFL Cockpit
risk 0.34cvss 5.3epss 0.00
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.