CVE-2025-12879
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | user_generator_and_importer | 1.2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the User Generator and Importer plugin for WordPress (versions up to and including 1.2.2). It occurs because the plugin's "Import Using CSV File" function lacks nonce validation, allowing an attacker to trick a site administrator into performing an action, such as clicking a malicious link, which then lets the attacker create arbitrary user accounts with administrator privileges without authentication.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to create administrator accounts on your WordPress site without your knowledge. This privilege escalation can lead to full site compromise, including unauthorized access, data modification, and potential disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the User Generator and Importer plugin for WordPress to a version later than 1.2.2 where the nonce validation issue is fixed. Additionally, avoid clicking on suspicious links and ensure site administrators are aware of the risk of forged requests. Implementing proper nonce validation and restricting user privilege changes to authenticated and authorized actions can help prevent exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can monitor for unauthorized or suspicious user creation activity, especially accounts with administrator roles created via the User Generator and Importer plugin version 1.2.2. Since the vulnerability involves the 'Import Using CSV File' function without nonce validation, look for HTTP POST requests to the plugin's import endpoint that include CSV data or user creation parameters. You can use web server logs or network monitoring tools to identify such requests. For example, using grep on web server logs to find POST requests to the plugin's PHP file (e.g., user-generator.php) or CSV upload attempts. Example commands: 1. grep 'POST .*user-generator.php' /var/log/apache2/access.log 2. grep 'Import Using CSV File' /var/log/apache2/access.log 3. Use WordPress user enumeration commands or database queries to find recently created users with administrator roles, e.g., querying the wp_users and wp_usermeta tables for new admin accounts. Note that no specific detection commands are provided in the resources, but monitoring for unusual admin user creation and inspecting plugin-related HTTP requests is recommended. [1]