{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7821", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-18T17:37:39.899Z", "datePublished": "2025-08-23T04:25:48.541Z", "dateUpdated": "2026-04-08T17:27:58.837Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:58.837Z"}, "affected": [{"vendor": "wcplus", "product": "WC Plus", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update the site's favicon logo base."}], "title": "WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd35a017-3b80-483d-8144-3986ea064669?source=cve"}, {"url": "https://wordpress.org/plugins/wc-plus/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "timeline": [{"time": "2025-08-22T15:49:19.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T16:31:09.167482Z", "id": "CVE-2025-7821", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T16:44:00.584Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7821", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T16:31:09.167482Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T16:43:55.594Z"}}], "cna": {"title": "WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation", "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wcplus", "product": "WC Plus", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-22T15:49:19.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd35a017-3b80-483d-8144-3986ea064669?source=cve"}, {"url": "https://wordpress.org/plugins/wc-plus/"}], "descriptions": [{"lang": "en", "value": "The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update the site's favicon logo base."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:58.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7821", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:58.837Z", "dateReserved": "2025-07-18T17:37:39.899Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-23T04:25:48.541Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update the site's favicon logo base."}, {"lang": "es", "value": "El complemento WC Plus para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de comprobaci\u00f3n de la acci\u00f3n AJAX \u00abpluswc_logo_favicon_logo_base\u00bb en todas las versiones hasta la 1.2.0 incluida. Esto permite que atacantes no autenticados actualicen la base del logotipo del favicon del sitio."}], "id": "CVE-2025-7821", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-23T05:15:32.393", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wc-plus/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd35a017-3b80-483d-8144-3986ea064669?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:58:10.637516+00:00", "value": {"mitigation_remediation": ["Upgrade the WC Plus plugin to a patched version that includes proper capability checks on the affected AJAX endpoint", "If an update is unavailable, temporarily disable or remove the \u2018pluswc_logo_favicon_logo_base\u2019 AJAX action by adding custom code that blocks the request or by using a security plugin to restrict access to that AJAX endpoint", "Continuously monitor the site\u2019s favicon and any plugin configuration changes for unexpected alterations, and investigate any unauthorized modifications promptly"], "summary": {"action": "Apply Patch", "impact": "Unauthenticated settings manipulation of the site favicon logo base"}, "threat_synthesis": {"affected_systems": "WC Plus plugin for WordPress, versions up to and including 1.2.0. The vulnerability affects all installations of the plugin within this version range, regardless of site configuration.", "description_and_impact": "The WC Plus plugin for WordPress suffers from a missing capability check on the \u2018pluswc_logo_favicon_logo_base\u2019 AJAX action in all releases up to and including 1.2.0. The flaw allows any remote user to send crafted requests without authentication and alter the website\u2019s favicon logo base. This change can be leveraged to misdirect visitors, undermine brand trust, or facilitate phishing attacks by swapping the site icon. The weakness is classified as CWE\u2011862 for missing authorization checks, indicating that access control controls are incorrectly implemented.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate impact if the flaw is exploited. The EPSS score of less than 1% suggests that the probability of exploitation is very low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote via unauthenticated AJAX requests; an attacker can send a request to the vulnerable endpoint from any network without needing credentials. Exploit complexity is low, and the required privileges are none, making the vulnerability achievable for any potential attacker that can target the site."}}}}, "created": "2025-08-23T10:54:56.508084+00:00", "updated": "2026-04-20T22:00:11.228254+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}