Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL...

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

AI Analysis

Unauthenticated arbitrary SQL execution vulnerability in TAX SERVICE Electronic HDM WordPress plugin before 1.2.1

Basic Information

ID CVE-2025-12061

Source WPScan

Published Nov 26, 2025 at 06:00

Modified Nov 26, 2025 at 14:39

Affected Product

Vendor Unknown

Product TAX SERVICE Electronic HDM

Affected Versions Unknown TAX SERVICE Electronic HDM 0

CWE Classification

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Unknown

Product TAX SERVICE Electronic HDM

Version < 1.2.1

References

wpscan.com /vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/

{
    "lastseen": "",
    "description": "The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements",
    "published": "2025-11-26T06:00:08.258Z",
    "modified": "2025-11-26T14:39:39.549Z",
    "type": "cve",
    "title": "Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/",
    "id": "CVE-2025-12061",
    "bulletinFamily": "",
    "cwe": [
        "",
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown TAX SERVICE Electronic HDM 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TAX SERVICE Electronic HDM",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated arbitrary SQL execution vulnerability in TAX SERVICE Electronic HDM WordPress plugin before 1.2.1",
    "ai_severity": "High",
    "ai_vendor": "Unknown",
    "ai_product": "TAX SERVICE Electronic HDM",
    "ai_version": "< 1.2.1",
    "ai_score": 8.6
}

Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution_CVE-2025-12061