CVE-2025-12360: Better Find and Replace: missing capability check enables unauthorized OpenAI API usage
Severity: MEDIUM
Any subscriber-level WordPress user on sites running this plugin can drain your OpenAI API quota, incurring real charges with zero technical skill required. Patch to 1.7.8+ immediately, rotate the stored OpenAI API key, and set a spending cap on the key via OpenAI's platform. If your site allows open subscriber registration, treat this as actively exploitable.
Risk Assessment
Low-medium severity with disproportionate financial exposure relative to CVSS score. Exploitability is trivial — no tooling or AI knowledge required, just a valid subscriber account and a POST request to the AJAX endpoint. Impact is bounded to quota exhaustion and cost, not data breach or RCE, but financial damage scales with API spend limits and attacker persistence. Risk amplified on sites with open user registration or high-traffic WooCommerce stores.
Recommended Action
6 steps:
1. PATCH: Update plugin to 1.7.8+ immediately; the changeset at trac.wordpress.org confirms the capability check fix.
2. ROTATE KEY: Invalidate the OpenAI API key stored in WordPress settings and generate a new scoped key.
3. SCOPE THE KEY: Create a dedicated OpenAI API key for this plugin with spending caps and rate limits via platform.openai.com.
4. AUDIT USAGE: Review the OpenAI usage dashboard for anomalous spikes in the 90 days prior to patching.
5. HARDEN REGISTRATION: Disable open subscriber registration if not required, or add email verification.
6. ALERT: Configure OpenAI usage threshold alerts to detect future abuse within hours.
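For sites that cannot update immediately, the steps above can be backed by a server-side guard. The following mu-plugin is a constructed example, not code from the plugin or its authors; it assumes the plugin dispatches its AI calls through admin-ajax.php with action=rtafar_ajax (the request shape this page describes) and that only administrators should trigger the feature. It denies the request for everyone else and logs the attempt so the audit and alert steps have a signal on the web server as well as in the OpenAI dashboard.

```php
<?php
/**
 * Plugin Name: Interim guard for rtafar_ajax (constructed example)
 * Place in wp-content/mu-plugins/ until Better Find and Replace is at 1.7.8+.
 * Assumptions: the plugin's AJAX entry point is the action name "rtafar_ajax",
 * and "manage_options" (administrators) is the capability that should gate it.
 */
add_action( 'admin_init', function () {
    // admin-ajax.php fires admin_init before dispatching wp_ajax_* handlers,
    // so this runs ahead of the plugin's own callback.
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( 'rtafar_ajax' !== $action ) {
        return; // unrelated AJAX traffic is left alone
    }
    if ( current_user_can( 'manage_options' ) ) {
        return; // legitimate administrator; let the plugin handle the request
    }
    // Record who tried, so repeated attempts from one account or address stand out in logs.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown';
    error_log( sprintf( 'rtafar_ajax blocked: user_id=%d ip=%s', get_current_user_id(), $ip ) );
    // wp_send_json_error() terminates the request; the paid API call never happens.
    wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
}, 0 );
```

Remove the mu-plugin after updating, since it may block legitimate editor roles the patched plugin is designed to permit.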
CISA SSVC Assessment
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
Frequently Asked Questions
What is CVE-2025-12360?
Any subscriber-level WordPress user on sites running this plugin can drain your OpenAI API quota, incurring real charges with zero technical skill required. Patch to 1.7.8+ immediately, rotate the stored OpenAI API key, and set a spending cap on the key via OpenAI's platform. If your site allows open subscriber registration, treat this as actively exploitable.
Is CVE-2025-12360 actively exploited?
No confirmed active exploitation of CVE-2025-12360 has been reported, but organizations should still patch proactively.
How to fix CVE-2025-12360?
1. PATCH: Update plugin to 1.7.8+ immediately; the changeset at trac.wordpress.org confirms the capability check fix.
2. ROTATE KEY: Invalidate the OpenAI API key stored in WordPress settings and generate a new scoped key.
3. SCOPE THE KEY: Create a dedicated OpenAI API key for this plugin with spending caps and rate limits via platform.openai.com.
4. AUDIT USAGE: Review the OpenAI usage dashboard for anomalous spikes in the 90 days prior to patching.
5. HARDEN REGISTRATION: Disable open subscriber registration if not required, or add email verification.
6. ALERT: Configure OpenAI usage threshold alerts to detect future abuse within hours.
What systems are affected by CVE-2025-12360?
This vulnerability affects the following AI/ML architecture patterns: WordPress AI plugin integrations, Third-party LLM API key management, CMS-integrated AI features, Shared API credential deployments.
What is the CVSS score for CVE-2025-12360?
CVE-2025-12360 has a CVSS v3.1 base score of 4.3 (MEDIUM). The EPSS exploitation probability is 0.03%.
Technical Details
NVD Description
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level access, to trigger OpenAI API key usage resulting in quota consumption potentially incurring cost.
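The defect class named in the NVD text is an AJAX handler that does expensive, key-bearing work for any logged-in user. The example below is an added illustration of that pattern and its fix, not the plugin's actual code; the function and option names (example_*, example_openai_api_key) are hypothetical, and "manage_options" is assumed to be the right capability for a site-wide find-and-replace feature.

```php
<?php
// BEFORE (shown for contrast, not registered): any authenticated user, including
// Subscriber, reaches the paid API call because nothing checks authorization.
function example_ajax_vulnerable() {
    $prompt = isset( $_POST['prompt'] ) ? sanitize_text_field( wp_unslash( $_POST['prompt'] ) ) : '';
    wp_send_json_success( example_call_openai( $prompt ) ); // spends quota on every request
}

// AFTER: authorize first, then verify the nonce, then validate input, then spend money.
function example_ajax_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // terminates the request
    }
    // Ties the request to a page the user actually loaded (CSRF defence); dies on failure.
    check_ajax_referer( 'example_suggest_nonce', 'nonce' );

    $prompt = isset( $_POST['prompt'] ) ? sanitize_text_field( wp_unslash( $_POST['prompt'] ) ) : '';
    if ( '' === $prompt || strlen( $prompt ) > 2000 ) {
        wp_send_json_error( array( 'message' => 'invalid prompt' ), 400 ); // bounds per-call cost
    }
    wp_send_json_success( example_call_openai( $prompt ) );
}
// wp_ajax_ hooks only fire for logged-in users; that is authentication, not authorization,
// which is why the capability check inside the handler is still required.
add_action( 'wp_ajax_example_suggest', 'example_ajax_hardened' );

// Hypothetical wrapper around the paid API. The key comes from site options, never from the request.
function example_call_openai( $prompt ) {
    $key      = get_option( 'example_openai_api_key' );
    $response = wp_remote_post( 'https://api.openai.com/v1/chat/completions', array(
        'timeout' => 20,
        'headers' => array(
            'Authorization' => 'Bearer ' . $key,
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode( array(
            'model'    => 'gpt-4o-mini',
            'messages' => array( array( 'role' => 'user', 'content' => $prompt ) ),
        ) ),
    ) );
    if ( is_wp_error( $response ) ) {
        return array( 'error' => $response->get_error_message() );
    }
    return json_decode( wp_remote_retrieve_body( $response ), true );
}
```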
Exploitation Scenario
Attacker registers a free subscriber account on a WordPress site (or uses a compromised low-privilege account). They identify the vulnerable plugin via the WordPress admin interface or plugin enumeration. They send repeated authenticated POST requests to wp-admin/admin-ajax.php with action=rtafar_ajax, triggering OpenAI completions using the site's stored API key. With a simple script, an attacker can exhaust a $100/month quota in under an hour, disable the plugin's AI features for legitimate editors, and potentially trigger overage charges or account suspension. No special tools or AI expertise are required.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References
- plugins.trac.wordpress.org/browser/real-time-auto-find-and-replace/trunk/core/actions/RTAFAR_CustomAjax.php
- plugins.trac.wordpress.org/changeset/3389979/real-time-auto-find-and-replace/trunk/core/actions/RTAFAR_CustomAjax.php
- wordfence.com/threat-intel/vulnerabilities/id/757e41dd-d72f-4e87-a087-c5c38bd727e5