CVE-2025-12521 MEDIUM

CVE-2025-12521: Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure

Vendor Analytify

Product Analytify Pro

Weakness CWE-200 · Info exposure

Published October 31, 2025

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.

Key dates

02Disclosure timeline

October 31, 2025 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12521

Related vulnerabilities

CVE-2025-12521: Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure

01Description

02Disclosure timeline

03References

04Related CVE