CVE-2025-12360 — MEDIUM (CVSS 4.3) AI Security Vulnerability

CISO Take

Any subscriber-level WordPress user on sites running this plugin can drain your OpenAI API quota, incurring real charges with zero technical skill required. Patch to 1.7.8+ immediately, rotate the stored OpenAI API key, and set a spending cap on the key via OpenAI's platform. If your site allows open subscriber registration, treat this as actively exploitable.

Severity & Risk

CVSS 3.1

4.3 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

Trivial

Recommended Action

1. PATCH: Update plugin to 1.7.8+ immediately — the changeset at trac.wordpress.org confirms the capability check fix. 2. ROTATE KEY: Invalidate the OpenAI API key stored in WordPress settings and generate a new scoped key. 3. SCOPE THE KEY: Create a dedicated OpenAI API key for this plugin with spending caps and rate limits via platform.openai.com. 4. AUDIT USAGE: Review OpenAI usage dashboard for anomalous spikes in the 90 days prior to patching. 5. HARDEN REGISTRATION: Disable open subscriber registration if not required or add email verification. 6. ALERT: Configure OpenAI usage threshold alerts to detect future abuse within hours.

Classification

Auth Bypass DoS API Plugin AML.T0012 - Valid Accounts AML.T0029 - Denial of AI Service AML.T0034 - Cost Harvesting AML.T0040 - AI Model Inference API Access AML.T0048.000 - Financial Harm AML.T0049 - Exploit Public-Facing Application

Compliance Impact

This CVE is relevant to:

ISO 42001

A.6.2 - AI system access control and authorization

NIST AI RMF

GOVERN 1.1 - Organizational policies for AI risk management

OWASP LLM Top 10

LLM04 - Model Denial of Service LLM07 - Insecure Plugin Design

Technical Details

NVD Description

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level access, to trigger OpenAI API key usage resulting in quota consumption potentially incurring cost.

Exploitation Scenario

Attacker registers a free subscriber account on a WordPress site (or uses a compromised low-privilege account). They identify the vulnerable plugin via the WordPress admin interface or plugin enumeration. They send repeated authenticated POST requests to wp-admin/admin-ajax.php with action=rtafar_ajax, triggering OpenAI completions using the site's stored API key. With a simple script, an attacker can exhaust a $100/month quota in under an hour, disable the plugin's AI features for legitimate editors, and potentially trigger overage charges or account suspension. No special tools or AI expertise required.

Weaknesses (CWE)

CWE-285

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Timeline

Published

November 6, 2025

Last Modified

November 6, 2025

First Seen

November 6, 2025