{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12027", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-21T15:18:05.634Z", "datePublished": "2026-02-19T03:25:10.834Z", "dateUpdated": "2026-04-08T16:42:09.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:09.637Z"}, "affected": [{"vendor": "horearadu", "product": "Mesmerize Companion", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6.158", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the \"openPageInCustomizer\" and \"openPageInDefaultEditor\" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticated attackers - with subscriber level access and above, on websites with the Mesmerize theme activated - to mark arbitrary pages as maintainable, wrap their content in custom sections, change page template metadata, and toggle the default editor flag without proper authorization."}], "title": "Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/242a3c60-b8ca-43cc-92d7-eb3830381512?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3385651%40mesmerize-companion&old=3270403%40mesmerize-companion&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385651%40mesmerize-companion&new=3385651%40mesmerize-companion&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "timeline": [{"time": "2025-10-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-01-28T16:37:44.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T17:04:47.574608Z", "id": "CVE-2025-12027", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:44:05.140Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T17:04:47.574608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:04:49.139Z"}}], "cna": {"title": "Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "horearadu", "product": "Mesmerize Companion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6.158"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-01-28T16:37:44.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/242a3c60-b8ca-43cc-92d7-eb3830381512?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3385651%40mesmerize-companion&old=3270403%40mesmerize-companion&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385651%40mesmerize-companion&new=3385651%40mesmerize-companion&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the \"openPageInCustomizer\" and \"openPageInDefaultEditor\" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticated attackers - with subscriber level access and above, on websites with the Mesmerize theme activated - to mark arbitrary pages as maintainable, wrap their content in custom sections, change page template metadata, and toggle the default editor flag without proper authorization."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:09.637Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12027", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:42:09.637Z", "dateReserved": "2025-10-21T15:18:05.634Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T03:25:10.834Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the \"openPageInCustomizer\" and \"openPageInDefaultEditor\" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticated attackers - with subscriber level access and above, on websites with the Mesmerize theme activated - to mark arbitrary pages as maintainable, wrap their content in custom sections, change page template metadata, and toggle the default editor flag without proper authorization."}, {"lang": "es", "value": "El plugin Mesmerize Companion para WordPress es vulnerable a acceso no autorizado y modificaci\u00f3n de datos debido a una falta de verificaci\u00f3n de capacidad en las funciones 'openPageInCustomizer' y 'openPageInDefaultEditor' en todas las versiones hasta la 1.6.158, inclusive. Esto hace posible que atacantes autenticados - con acceso de nivel suscriptor y superior, en sitios web con el tema Mesmerize activado - marquen p\u00e1ginas arbitrarias como mantenibles, envuelvan su contenido en secciones personalizadas, cambien metadatos de plantillas de p\u00e1gina y alternen el indicador del editor predeterminado sin la debida autorizaci\u00f3n."}], "id": "CVE-2025-12027", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:26.963", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3385651%40mesmerize-companion&old=3270403%40mesmerize-companion&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385651%40mesmerize-companion&new=3385651%40mesmerize-companion&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/242a3c60-b8ca-43cc-92d7-eb3830381512?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.158]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Mesmerize Companion", "source": "cna", "vendor": "horearadu"}, "product": "mesmerize_companion", "vendor": "horearadu"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-22T19:56:15.548260+00:00", "value": {"mitigation_remediation": ["Update the Mesmerize Companion plugin to a version newer than 1.6.158.", "Restrict the subscriber role to only necessary capabilities, ensuring that users with subscriber access cannot manage post or page settings.", "If an immediate plugin update is not possible, disable or patch the openPageInCustomizer and openPageInDefaultEditor endpoints via a custom code snippet or security plugin to enforce proper authorization."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The issue affects the Mesmerize Companion WordPress plugin for all versions up to and including 1.6.158 from the vendor horearadu.\u00a0It is relevant to any WordPress installation that has the Mesmerize theme activated and the plugin installed.", "description_and_impact": "The vulnerability is an authorization bypass that allows authenticated users with subscriber or higher access to invoke functions that should be restricted.\u00a0The openPageInCustomizer and openPageInDefaultEditor functions lack proper capability checks, permitting those users to mark arbitrary pages as maintainable, wrap content in custom sections, change page template metadata, and toggle the default editor flag without proper authorization.\u00a0These actions modify site configuration and could be used to deface the site, alter content presentation, or create a foothold for further attacks.", "risk_and_exploitability": "The CVSS score is 4.3, indicating a moderate severity.\u00a0The EPSS score is <\u202f1\u202f%, suggesting a low probability of widespread exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog.\u00a0The likely attack vector requires the attacker to first authenticate to the WordPress site with a subscriber\u2011level or higher account; once logged in, the attacker can invoke the vulnerable functions, either through the admin interface or via the REST API, to modify page settings without authorization."}}}}, "created": "2026-02-19T10:07:46.059482+00:00", "updated": "2026-04-22T20:00:08.847780+00:00", "vendors": ["horearadu", "horearadu$PRODUCT$mesmerize_companion", "wordpress", "wordpress$PRODUCT$wordpress"]}