{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12168", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T14:24:58.628Z", "datePublished": "2026-01-17T04:34:01.207Z", "dateUpdated": "2026-04-08T16:46:43.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:43.703Z"}, "affected": [{"vendor": "memsource", "product": "Phrase TMS Integration for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.7.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete log files."}], "title": "Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/396f2426-7bc4-4221-bc48-920bec5af6e5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426034%40memsource-connector&new=3426034%40memsource-connector&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abhirup Konwar"}], "timeline": [{"time": "2026-01-16T15:33:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T18:32:24.235932Z", "id": "CVE-2025-12168", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:32:40.697Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12168", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T18:32:24.235932Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:32:32.000Z"}}], "cna": {"title": "Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Abhirup Konwar"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "memsource", "product": "Phrase TMS Integration for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.7.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-16T15:33:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/396f2426-7bc4-4221-bc48-920bec5af6e5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426034%40memsource-connector&new=3426034%40memsource-connector&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete log files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:43.703Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12168", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:43.703Z", "dateReserved": "2025-10-24T14:24:58.628Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-17T04:34:01.207Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete log files."}, {"lang": "es", "value": "El plugin Phrase TMS Integration para WordPress para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en el endpoint AJAX 'wp_ajax_delete_log' en todas las versiones hasta la 4.7.5, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, eliminen archivos de registro."}], "id": "CVE-2025-12168", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-17T05:16:08.763", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426034%40memsource-connector&new=3426034%40memsource-connector&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/396f2426-7bc4-4221-bc48-920bec5af6e5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:36:33.005726+00:00", "value": {"mitigation_remediation": ["Upgrade the Phrase TMS Integration for WordPress plugin to the latest available version that includes the capability check for the wp_ajax_delete_log endpoint.", "If an upgrade is not immediately possible, deny Subscriber and higher roles the ability to call the wp_ajax_delete_log AJAX action by removing the capability or disabling the endpoint, or temporarily remove or downgrade the affected plugin.", "After applying the fix, monitor the WordPress logs for any unauthorized delete attempts and verify that the action is no longer permitted for Subscriber level users.", "Review other plugins and custom code that may expose similar AJAX endpoints to ensure proper capability checks."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Log Deletion"}, "threat_synthesis": {"affected_systems": "All versions of the Phrase TMS Integration for WordPress plugin, developed by memsource, up to and including version 4.7.5 are affected. Users running those versions on any WordPress installation are at risk; newer releases are presumed to have the capability check in place.", "description_and_impact": "The Phrase TMS Integration for WordPress plugin is vulnerable to an unauthorized modification of data due to a missing capability check on the \"wp_ajax_delete_log\" AJAX endpoint in all versions up to 4.7.5. This flaw allows authenticated attackers with Subscriber-level access or higher to delete log files, resulting in loss of audit data and potentially disrupting compliance or monitoring activities. The weakness is a privilege escalation flaw (CWE\u2011862).", "risk_and_exploitability": "The CVSS score is 4.3, indicating a moderate impact. The EPSS score is less than 1%, suggesting a low likelihood of exploitation. The plugin is not listed in CISA's KEV catalog. Exploitation requires the attacker to be authenticated with at least Subscriber privileges; the attack vector is likely via the web interface or via crafted AJAX requests to the vulnerable endpoint. Once authenticated, the user can delete arbitrary log files, immediately impacting availability of logging data."}}}}, "created": "2026-01-19T09:19:36.623484+00:00", "updated": "2026-04-22T12:00:05.904607+00:00", "vendors": ["memsource", "memsource$PRODUCT$phrase_tms_integration_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}