CVE-2025-12666
📋 TL;DR
This stored XSS vulnerability in the Google Drive upload and download link WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the 'link' parameter. When users visit pages containing the compromised shortcode, the scripts execute in their browsers. All WordPress sites using this plugin up to version 1.0 are affected.
💻 Affected Systems
- Google Drive upload and download link WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, deface websites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies or redirect visitors to phishing pages.
If Mitigated
With proper user role management and content review, impact is limited to potential defacement of specific pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://wordpress.org/plugins/google-drive-upload-and-download-link/
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Deactivate and delete the 'Google Drive upload and download link' plugin
4. Find an alternative secure plugin for Google Drive integration
🔧 Temporary Workarounds
Remove Contributor role access
allTemporarily restrict plugin usage to only trusted administrators
Disable shortcode execution
allRemove or disable the 'atachfilegoogle' shortcode from theme files
🧯 If You Can't Patch
- Implement strict content review for all posts/pages created by Contributor-level users
- Install a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Google Drive upload and download link' plugin version 1.0 or earlierCheck Version:
wp plugin list --name='google-drive-upload-and-download-link' --field=versionVerify Fix Applied:
Confirm the plugin is no longer installed or has been replaced with a secure alternative📡 Detection & Monitoring
Log Indicators:
- Unusual post/page edits by Contributor users
- Suspicious 'link' parameter values in shortcodes
Network Indicators:
- Unexpected JavaScript execution from WordPress pages
- External script loading from unusual domains
SIEM Query:
source="wordpress" AND (event="post_edit" OR event="page_edit") AND user_role="contributor" AND content CONTAINS "atachfilegoogle"