{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12132", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-23T19:09:01.014Z", "datePublished": "2025-11-11T03:30:40.770Z", "dateUpdated": "2026-04-08T16:56:49.218Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:49.218Z"}, "affected": [{"vendor": "larsactionhero", "product": "WP Custom Admin Login Page Logo", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.8.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclpl_save functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6164b272-aa12-4ee3-a73a-64882ff5a899?source=cve"}, {"url": "https://wordpress.org/plugins/wp-custom-login-page-logo/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-11-10T15:13:26.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T15:42:19.562387Z", "id": "CVE-2025-12132", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T20:06:21.893Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12132", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T15:42:19.562387Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T15:42:21.755Z"}}], "cna": {"title": "WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "larsactionhero", "product": "WP Custom Admin Login Page Logo", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.8.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-10T15:13:26.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6164b272-aa12-4ee3-a73a-64882ff5a899?source=cve"}, {"url": "https://wordpress.org/plugins/wp-custom-login-page-logo/"}], "descriptions": [{"lang": "en", "value": "The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclpl_save functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:49.218Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12132", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:56:49.218Z", "dateReserved": "2025-10-23T19:09:01.014Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-11T03:30:40.770Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclpl_save functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-12132", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-11T04:15:46.523", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-custom-login-page-logo/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6164b272-aa12-4ee3-a73a-64882ff5a899?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:59:47.176874+00:00", "value": {"mitigation_remediation": ["Upgrade WP Custom Admin Login Page Logo to a version newer than 1.4.8.4 or apply the vendor\u2011supplied patch if available", "If immediate upgrade is not possible, backup the current site and consider disabling the plugin until a fix is applied", "Install a reputable security plugin that enforces nonce checks or restricts POST requests on admin pages to mitigate future CSRF attacks", "Monitor the admin interface for unexpected configuration changes and alert on suspicious activity"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery causing unauthorized change of plugin settings"}, "threat_synthesis": {"affected_systems": "All installations of the WP Custom Admin Login Page Logo plugin running version 1.4.8.4 or earlier are affected. The plugin is distributed through the official WordPress plugin repository and is maintained by larsactionhero. Site administrators who have upgraded the plugin to a version newer than 1.4.8.4 are not impacted.", "description_and_impact": "The WP Custom Admin Login Page Logo plugin for WordPress allows unauthenticated attackers to modify the plugin\u2019s settings because the wpclpl_save function lacks proper nonce validation. This flaw permits a forged request to alter configuration values such as logo image, login URL redirection, and other cosmetic settings. The impact is the ability to inject arbitrary settings that affect site appearance and potentially redirect users, but it does not provide direct code execution or access to admin credentials.", "risk_and_exploitability": "The vulnerability scores a CVSS 4.3, describing a moderate risk that requires user interaction but provides no direct privilege escalation. The EPSS score of less than 1% indicates a low probability that the flaw is actively exploited in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation typically involves tricking a logged\u2011in administrator into clicking a malicious link or submitting a forged form, after which the attacker can silently change plugin settings. Because the flaw requires an authenticated administrator to complete the request, the attacker\u2019s success depends on the administrator\u2019s interaction with a malicious payload."}}}}, "created": "2025-11-12T12:47:51.761119+00:00", "updated": "2026-04-22T12:00:05.917591+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}