cleantalk
Vulnerabilities and Security Researches

Tainacan, CVE-2025-12747

CVE, Research URL

CVE-2025-12747

Home page URL

Security reports for Tainacan

Application

Tainacan

Published on
Nov 21, 2025
Research Description
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive information from files that have been marked as private.
Affected versions
max 1.0.1.
Status
vulnerable
Previous vulnerability researches
Magento 2 WordPress Integration (CVE-2025-58669) , Oct 11, 2025
New vulnerability
Eupago Gateway For Woocommerce (CVE-2025-62870) , Dec 11, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-13196) , Dec 11, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-11536) , Dec 11, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-11244) , Dec 11, 2025
Advanced Custom Fields: Extended (CVE-2025-13486) , Dec 11, 2025