{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12157", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T13:18:32.870Z", "datePublished": "2025-11-04T04:27:16.185Z", "dateUpdated": "2026-04-08T16:46:57.760Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:57.760Z"}, "affected": [{"vendor": "tanvirahmed1984", "product": "Simple User Capabilities", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any user's capabilities."}], "title": "Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a1d0432-aff0-477e-aa6e-4de3e4d789cb?source=cve"}, {"url": "https://plugins.svn.wordpress.org/simple-user-capabilities/tags/1.0/user_access.php"}, {"url": "https://wordpress.org/plugins/simple-user-capabilities/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "D01EXPLOIT OFFICIAL"}], "timeline": [{"time": "2025-11-03T15:33:17.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-04T17:15:52.055954Z", "id": "CVE-2025-12157", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T17:16:00.320Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12157", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-04T17:15:52.055954Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T17:15:56.227Z"}}], "cna": {"title": "Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset", "credits": [{"lang": "en", "type": "finder", "value": "D01EXPLOIT OFFICIAL"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "tanvirahmed1984", "product": "Simple User Capabilities", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-03T15:33:17.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a1d0432-aff0-477e-aa6e-4de3e4d789cb?source=cve"}, {"url": "https://plugins.svn.wordpress.org/simple-user-capabilities/tags/1.0/user_access.php"}, {"url": "https://wordpress.org/plugins/simple-user-capabilities/"}], "descriptions": [{"lang": "en", "value": "The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any user's capabilities."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:57.760Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12157", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:57.760Z", "dateReserved": "2025-10-24T13:18:32.870Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-04T04:27:16.185Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any user's capabilities."}], "id": "CVE-2025-12157", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-04T05:16:09.357", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/simple-user-capabilities/tags/1.0/user_access.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/simple-user-capabilities/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a1d0432-aff0-477e-aa6e-4de3e4d789cb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:03:40.345442+00:00", "value": {"mitigation_remediation": ["Upgrade Simple User Capabilities to a version newer than 1.0 if available, or remove the plugin entirely if an update is not possible.", "If immediate removal is not feasible, block or filter requests to the wp_ajax_nopriv_reset_capability endpoint using web\u2011application firewall rules or .htaccess rewrites to enforce authentication checks.", "As a temporary workaround, consider adding a custom role or capability check on the endpoint by modifying the plugin\u2019s code or applying a patch that enforces an authorization check before processing the reset request."], "summary": {"action": "Patch ASAP", "impact": "Unauthorized Capability Reset leading to privilege escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of the Simple User Capabilities plugin up to and including 1.0, as distributed by tanvirahmed1984 on the WordPress plugin repository. Any WordPress installation that has this plugin installed at a version 1.0 or earlier is susceptible. No specific sub-version information is provided, so the entire version range is considered at risk.", "description_and_impact": "The Simple User Capabilities plugin for WordPress fails to perform a capability check on its 'wp_ajax_nopriv_reset_capability' AJAX endpoint. As a result, anyone who can reach the endpoint\u2014even without logging in\u2014can trigger a reset of another user\u2019s capabilities. This represents an authorization bypass (CWE-862) that could allow an attacker to grant themselves admin-level access, remove privileges from administrators, or otherwise manipulate role configurations. The direct consequence is the loss of integrity over user roles and the potential for elevated privilege actions across the site.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate security risk, while the EPSS score of less than 1% suggests that the likelihood of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only an unauthenticated HTTP request to the Ajax endpoint, meaning any unauthenticated user who can send a crafted request to the site\u2019s AJAX handler can reset capabilities. No special privileges or credentials are required, making the attack vector broad for exposed WordPress sites that use this plugin."}}}}, "created": "2025-11-04T16:33:19.666711+00:00", "updated": "2026-04-22T12:15:16.045532+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}