CVE-2025-12370
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-08

Assigner: Wordfence

Description
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12370
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress monetize-link 1.0.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Takeads plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.0.13. This means the plugin does not properly check if a user is allowed to perform certain actions. As a result, authenticated users with subscriber-level access or higher can delete the plugin's configuration options, which they should not normally be able to do.

Impact Analysis

This vulnerability allows authenticated users with low-level access (subscriber and above) to delete the plugin's configuration options. This could disrupt the plugin's functionality, potentially causing service interruptions or loss of important settings, which may affect the website's operation or user experience.

Detection Guidance

Detection can focus on monitoring AJAX requests to the vulnerable action 'wp_ajax_' concatenated with the plugin's AJAX_ACTION constant. Specifically, look for POST requests to admin-ajax.php with the action parameter matching the plugin's delete operation. Since the vulnerability involves unauthorized deletion of plugin options via this AJAX call, you can detect exploitation attempts by logging or capturing such requests. Commands to detect such activity might include using network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to admin-ajax.php with the relevant action parameter. For example, using tcpdump: tcpdump -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and then filtering for 'action=mlp_delete' or the actual AJAX_ACTION value if known. Additionally, WordPress logs or security plugins might be configured to log AJAX actions. However, no specific commands are provided in the resources. [2]

Mitigation Strategies

Immediate mitigation steps include updating the Takeads plugin to a version later than 1.0.13 where the authorization bypass vulnerability is fixed. If an update is not yet available, restrict access to the plugin's AJAX delete action by implementing additional authorization checks or disabling the AJAX delete functionality temporarily. Also, monitor and audit user roles to ensure that only trusted users have subscriber-level or higher access, as the vulnerability requires at least subscriber-level authentication. Applying web application firewall (WAF) rules to block suspicious AJAX requests targeting the vulnerable action can also help mitigate exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12370. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart