{"cve":{"cve_id":"CVE-2025-12521","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00228,"epss_percentile":0.13274,"epss_as_of":"2026-06-23","description":"The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.","published_at":"2025-10-31T13:48:35.882000Z","last_modified_at":null,"cvss_v3_score":5.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-200"],"nvd_references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve","https://analytify.io/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:25:16.624289Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"analytify","vendor_name":"Analytify","product_slug":"analytify-pro","product_name":"Analytify Pro","version_start":"0","version_start_inclusive":true,"version_end":"7.0.3","version_end_inclusive":true,"cpe23_uri":"cve5:analytify:analytify-pro:0:7.0.3"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve","source_type":"MISC","tags":[]},{"url":"https://analytify.io/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-10-31T13:48:35.882000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:41:20.329609Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:20.329609Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:20.329609Z","label":"CVSS score revised","source":"cvelistv5"}]}