{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12071", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-22T14:02:38.741Z", "datePublished": "2026-02-18T04:35:42.817Z", "dateUpdated": "2026-04-08T16:44:58.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:58.364Z"}, "affected": [{"vendor": "absikandar", "product": "Frontend User Notes", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them."}], "title": "Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2026-02-17T16:31:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T14:44:11.944890Z", "id": "CVE-2025-12071", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:44:27.714Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12071", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T14:44:11.944890Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:44:23.510Z"}}], "cna": {"title": "Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "absikandar", "product": "Frontend User Notes", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-17T16:31:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php"}], "descriptions": [{"lang": "en", "value": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:58.364Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12071", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:44:58.364Z", "dateReserved": "2025-10-22T14:02:38.741Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-18T04:35:42.817Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them."}, {"lang": "es", "value": "El plugin Frontend User Notes para WordPress es vulnerable a Referencia Directa Insegura a Objetos en todas las versiones hasta la 2.1.0, inclusive, a trav\u00e9s del endpoint AJAX 'funp_ajax_modify_notes' debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, modificar notas arbitrarias que no les pertenecen."}], "id": "CVE-2025-12071", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-18T05:16:16.683", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Frontend User Notes", "source": "cna", "vendor": "absikandar"}, "product": "frontend_user_notes", "vendor": "absikandar"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-22T19:57:52.890194+00:00", "value": {"mitigation_remediation": ["Update the Frontend User Notes plugin to version 2.1.1 or later, which patches the missing ownership validation.", "Restrict the \u2018funp_ajax_modify_notes\u2019 AJAX endpoint so that only users with appropriate permissions can reach it, or disable the endpoint for lower\u2011privilege roles.", "Audit the note permission logic within the plugin to enforce that notes can only be edited by their owners unless explicitly granted otherwise."], "summary": {"action": "Apply Update", "impact": "Untrusted note modification by any authenticated Subscriber or higher"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Frontend User Notes plugin developed by absikandar. All released versions up to and including 2.1.0 are impacted; newer releases such as 2.1.1 are presumed to contain the fix.", "description_and_impact": "This issue is an insecure direct object reference in the \u2018funp_ajax_modify_notes\u2019 AJAX endpoint of the Frontend User Notes WordPress plugin. An attacker who is logged in with Subscriber\u2011level or higher access can modify any note that does not belong to them because the plugin does not validate that the note belongs to the authenticated user. The weakness is a classic IDOR (CWE\u2011639) that compromises the integrity of user\u2011generated content and can expose private information hidden in those notes.", "risk_and_exploitability": "The CVSS score of 4.3 indicates the vulnerability is of moderate severity. The EPSS score of less than 1\u202f% suggests that exploitation is unlikely to be widespread, and the issue is not listed in the CISA KEV catalog. Exploitation requires a valid authenticated WordPress session with a role of Subscriber or higher and access to the vulnerable AJAX endpoint, making it a local or web\u2011based attack rather than remotely exploitable from outside the host."}}}}, "created": "2026-02-18T10:32:57.904062+00:00", "updated": "2026-04-22T20:00:08.855239+00:00", "vendors": ["absikandar", "absikandar$PRODUCT$frontend_user_notes", "wordpress", "wordpress$PRODUCT$wordpress"]}