CVE-2025-12720 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress handle_enqueue_only improper authorization

December 6, 2025 Yanac

A vulnerability labeled as critical has been found in g-FFL Cockpit Plugin up to 1.7.1 on WordPress. The affected element is the function handle_enqueue_only. Executing manipulation can lead to improper authorization.

This vulnerability is tracked as CVE-2025-12720. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-13748 | Fluent Forms Plugin up to 6.1.7 on WordPress confirmScaPayment submission_id resource injection
CVE-2025-12721 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress REST API Endpoint /server_status authorization