{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12370", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-27T20:15:45.237Z", "datePublished": "2025-12-05T05:31:26.817Z", "dateUpdated": "2026-04-08T17:11:55.360Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:55.360Z"}, "affected": [{"vendor": "takeads", "product": "Takeads", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options."}], "title": "Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2025-12-04T17:20:48.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T14:03:46.347916Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:09:52.263Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T14:03:46.347916Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:08:54.697Z"}}], "cna": {"title": "Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "takeads", "product": "Takeads", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.13"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T17:20:48.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"}], "descriptions": [{"lang": "en", "value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:55.360Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12370", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:11:55.360Z", "dateReserved": "2025-10-27T20:15:45.237Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T05:31:26.817Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options."}], "id": "CVE-2025-12370", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T06:16:07.233", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:39:56.862628+00:00", "value": {"mitigation_remediation": ["Immediately upgrade the Takeads plugin to the latest release that includes proper authorization checks.", "If an update cannot be applied, deactivate or uninstall the plugin until a fixed version is available.", "Restrict subscriber and lower-level WordPress roles from accessing plugin settings by tightening role capabilities or removing unnecessary permissions."], "summary": {"action": "Patch Immediately", "impact": "Authorization Bypass \u2013 Unauthorized Deletion of Plugin Configuration"}, "threat_synthesis": {"affected_systems": "WordPress installations that employ the Takeads plugin version 1.0.13 or earlier are susceptible to this issue. No other versions or other plugins are listed as affected.\n", "description_and_impact": "The Takeads WordPress plugin weakens authorization controls by failing to verify that a user is permitted to delete the plugin\u2019s configuration options. An attacker who can authenticate to the site with subscriber-level access or higher can exploit this flaw to permanently remove the plugin\u2019s settings, disrupting advertising functionality and potentially allowing further configuration changes.\n", "risk_and_exploitability": "The vulnerability carries a CVSS score of 4.3, indicating a moderate compromise of system integrity. Because the EPSS score is reported as < 1%, the likelihood of exploitation is deemed low, and the vulnerability is not presently listed in the CISA KEV catalog. Exploitation requires a valid authenticated session, so the attack vector is essentially an authenticated request, likely via the plugin\u2019s Ajax endpoint. The impact is limited to a removal of configuration but could impair site operation if the plugin is critical. The overall risk is moderate but mitigated by the need for authentication and the low probability of active exploitation in the wild."}}}}, "created": "2025-12-05T10:51:51.948189+00:00", "updated": "2026-04-22T12:00:05.909228+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}