{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12675", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-03T21:59:04.600Z", "datePublished": "2025-11-05T07:27:56.886Z", "dateUpdated": "2026-04-08T17:30:12.079Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:12.079Z"}, "affected": [{"vendor": "mykiot", "product": "KiotViet Sync", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's config."}], "title": "KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67c6c3f-0b2a-424f-b8f2-2771449c82b4?source=cve"}, {"url": "https://wordpress.org/plugins/kiotvietsync/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-11-04T18:55:11.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T14:13:26.655163Z", "id": "CVE-2025-12675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T14:13:37.640Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-05T14:13:26.655163Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T14:13:33.946Z"}}], "cna": {"title": "KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "mykiot", "product": "KiotViet Sync", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.8.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-04T18:55:11.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67c6c3f-0b2a-424f-b8f2-2771449c82b4?source=cve"}, {"url": "https://wordpress.org/plugins/kiotvietsync/"}], "descriptions": [{"lang": "en", "value": "The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's config."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:12.079Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12675", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:30:12.079Z", "dateReserved": "2025-11-03T21:59:04.600Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-05T07:27:56.886Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's config."}], "id": "CVE-2025-12675", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-05T08:15:33.500", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/kiotvietsync/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67c6c3f-0b2a-424f-b8f2-2771449c82b4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:50:15.853188+00:00", "value": {"mitigation_remediation": ["Update KiotViet Sync to the latest released version (\u2265\u202f1.8.6) to remove the missing capability check.", "If an immediate upgrade is not feasible, restrict the Subscriber role from accessing or editing the plugin\u2019s settings, using a role editor plugin or custom code to revoke the capability to execute saveConfig().", "Disable or uninstall the KiotViet Sync plugin if it is not required for site functionality.", "Review all user roles and ensure that only trusted administrators hold the capability to modify plugin configuration settings."], "summary": {"action": "Update Plugin", "impact": "Unauthorized configuration modification"}, "threat_synthesis": {"affected_systems": "The issue affects the KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Administrators and any user assigned at least the Subscriber role have the ability to trigger the vulnerable saveConfig() action and modify plugin settings.", "description_and_impact": "The vulnerability lies in a missing capability check within the saveConfig() function of the KiotViet Sync WordPress plugin. Because the check is omitted, any authenticated user with the Subscriber role or higher can update the plugin\u2019s configuration data. This leaves the site open to unintended changes in synchronization settings, which could expose data or disrupt normal operations, but does not directly allow code execution or broad compromise. The weakness reflects a classic authorization failure (CWE-862).", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1\u202f% signals a low probability of exploitation under current conditions. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting that no documented large\u2011scale attacks are known. An attacker would need to authenticate to the WordPress installation and possess Subscriber\u2011level access to exploit the flaw, which limits the attack surface to authenticated users but still allows an insider or compromised account to alter configuration data."}}}}, "created": "2025-11-06T10:07:22.447837+00:00", "updated": "2026-04-21T02:00:12.287201+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}