{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12041", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-21T18:43:27.936Z", "datePublished": "2025-10-31T09:27:20.353Z", "dateUpdated": "2026-04-08T16:37:15.628Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:15.628Z"}, "affected": [{"vendor": "apos37", "product": "ERI File Library", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles."}], "title": "ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16e1d37a-4eb7-45dc-8993-a501fb2aaf73?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385895%40eri-file-library&new=3385895%40eri-file-library"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-10-21T18:58:36.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-30T20:31:13.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-31T18:43:05.152073Z", "id": "CVE-2025-12041", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T18:43:16.544Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12041", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-31T18:43:05.152073Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T18:43:10.499Z"}}], "cna": {"title": "ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "apos37", "product": "ERI File Library", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T18:58:36.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-30T20:31:13.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16e1d37a-4eb7-45dc-8993-a501fb2aaf73?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385895%40eri-file-library&new=3385895%40eri-file-library"}], "descriptions": [{"lang": "en", "value": "The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-31T09:27:20.353Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12041", "state": "PUBLISHED", "dateUpdated": "2025-10-31T18:43:16.544Z", "dateReserved": "2025-10-21T18:43:27.936Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-31T09:27:20.353Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles."}], "id": "CVE-2025-12041", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-31T10:15:42.997", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385895%40eri-file-library&new=3385895%40eri-file-library"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16e1d37a-4eb7-45dc-8993-a501fb2aaf73?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T23:32:38.214832+00:00", "value": {"mitigation_remediation": ["Upgrade the ERI File Library plugin to the latest released version. New releases include a missing authorization check that prevents unauthenticated file downloads.", "If an immediate upgrade is not feasible, disable the 'erifl_file' AJAX action by removing its action hook or disabling the plugin entirely to prevent unauthenticated file downloads.", "After remediation, validate that users lacking the required capabilities cannot trigger the action by attempting a test download or monitoring access logs for unauthorized attempts."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "This flaw affects the WordPress plugin ERI File Library version 1.1.0 and all earlier releases, distributed by the vendor apos37 and listed in the WordPress plugin repository. WordPress sites that have the vulnerable plugin installed and the default AJAX action reachable are at risk.", "description_and_impact": "The ERI File Library plugin for WordPress contains a missing capability check on its 'erifl_file' AJAX endpoint, which allows an unauthenticated attacker to retrieve files that are normally restricted to certain user roles. This omission is a classic example of CWE-862: Missing Authorization, leading to potential compromise of confidential data on the web server.", "risk_and_exploitability": "The CVSS score of 5.3 signals moderate severity with significant impact to confidentiality. The EPSS score is less than 1%, indicating a low but nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild. Attackers can remotely probe the site by sending HTTP requests to wp-admin/admin-ajax.php with the action=erifl_file parameter; no authentication is required, making the exploit trivially usable against any publicly accessible WordPress instance running the plugin."}}}}, "created": "2025-11-03T10:45:04.990501+00:00", "updated": "2026-04-27T23:45:15.881474+00:00", "vendors": ["apos37", "apos37$PRODUCT$eri_file_library", "wordpress", "wordpress$PRODUCT$wordpress"]}