CVE-2012-6313

Simple Gmail Login < 1.1.4 - Unauthenticated Sensitive Information Exposure via Missing Timezone Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6313. PoCs published by Aditya Balapure.

AI-analyzed exploit summary The provided text describes an information-disclosure vulnerability in the Simple Gmail Login WordPress plugin (version 1.1.3 and prior). The error message indicates a fatal exception due to an invalid timezone parameter, which could leak sensitive information.

Description

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aditya Balapure · textwebappsphp

https://www.exploit-db.com/exploits/38111

View Code ZIP pw:eip

The provided text describes an information-disclosure vulnerability in the Simple Gmail Login WordPress plugin (version 1.1.3 and prior). The error message indicates a fatal exception due to an invalid timezone parameter, which could leak sensitive information.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Simple Gmail Login WordPress plugin <= 1.1.3

No auth needed

Prerequisites: Access to the WordPress plugin activation endpoint

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html

Product x_refsource_confirm

http://wordpress.org/extend/plugins/simple-gmail-login/changelog/

Scores

EPSS 0.0718

EPSS Percentile 93.5%

Details

CWE

CWE-200

Status published

Products (2)

simple_gmail_login/1.1.2

simple_gmail_login/1.1.3

Published Dec 11, 2012

Tracked Since Feb 18, 2026