cleantalk
Vulnerabilities and Security Researches

Authors List, CVE-2025-12010

CVE, Research URL

CVE-2025-12010

Home page URL

Security reports for Authors List

Application

Authors List

Published on
Nov 11, 2025
Research Description
The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to call methods such as get_meta to extract sensitive user data including password hashes, email addresses, usernames, and activation keys via specially crafted shortcode attributes
Affected versions
max 2.0.6.1.
Status
vulnerable
Previous vulnerability researches
Authors List (CVE-2025-12010) , Dec 11, 2025
Authors List (CVE-2025-58792) , Sep 07, 2025
Authors List (CVE-2023-37981) , Jun 06, 2024
Authors List (cbbd4ece10cadfe6b69d301bf453299da41ad0b8) , Jun 06, 2024
Authors List (CVE-2024-13806) , Mar 03, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026