The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.
PUBLISHED5.2CWE-200
Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure
Problem type
Affected products
Analytify
Analytify Pro
<= 7.0.3 - AFFECTED
References
wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve
analytify.io
https://analytify.io/
GitHub Security Advisories
GHSA-8hhj-9c46-c8mp
The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
https://github.com/advisories/GHSA-8hhj-9c46-c8mpThe Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-12521",
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"dateUpdated": "2025-10-31T17:49:17.740Z",
"dateReserved": "2025-10-30T16:34:15.561Z",
"datePublished": "2025-10-31T13:48:35.882Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-10-31T13:48:35.882Z"
},
"title": "Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure",
"descriptions": [
{
"lang": "en",
"value": "The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability."
}
],
"affected": [
{
"vendor": "Analytify",
"product": "Analytify Pro",
"defaultStatus": "unaffected",
"versions": [
{
"version": "*",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "7.0.3"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve"
},
{
"url": "https://analytify.io/"
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"timeline": [
{
"time": "2025-10-30T16:49:46.000+00:00",
"lang": "en",
"value": "Vendor Notified"
},
{
"time": "2025-10-30T00:00:00.000+00:00",
"lang": "en",
"value": "Disclosed"
}
],
"credits": [
{
"lang": "en",
"value": "WPBrigade Support",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T17:49:17.740Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}