CVE-2025-10901 is a vulnerability identified in the Originality.ai AI Checker plugin for WordPress, affecting all versions up to and including 1.0.12. The root cause is a missing authorization check on the 'ai_get_table' function, which is responsible for retrieving data from the wp_originalityai_log database table. This table contains sensitive information such as post titles, AI originality scan scores, credits used, and other metadata related to content originality checks. Due to the lack of proper capability validation, any authenticated user with at least Subscriber-level privileges can invoke this function and access the entire contents of this log table. The vulnerability does not require user interaction and can be exploited remotely over the network, given valid credentials. The CVSS v3.1 base score is 4.3, reflecting a medium severity primarily due to the limited impact on confidentiality and the requirement for authentication. No known exploits have been reported in the wild, and no official patches have been released as of the publication date. The vulnerability is categorized under CWE-862 (Missing Authorization), indicating a failure to enforce proper access controls on sensitive functions. This flaw can lead to unauthorized disclosure of potentially sensitive operational data, which may aid attackers in reconnaissance or further attacks. The plugin is used in WordPress environments, which are widely deployed globally, especially in content publishing and blogging platforms.

The primary impact of this vulnerability is unauthorized disclosure of sensitive data stored in the wp_originalityai_log table. This includes post titles, AI scan scores, and usage credits, which could reveal content strategies, editorial workflows, or usage patterns. While the vulnerability does not affect data integrity or availability, the confidentiality breach can facilitate targeted social engineering, competitive intelligence gathering, or further exploitation by revealing internal content details. Organizations relying on Originality.ai for content originality verification may face reputational risks if sensitive content metadata is exposed. Since exploitation requires only Subscriber-level authentication, attackers could leverage compromised or weak user credentials to access this data. The scope of affected systems includes any WordPress site running the vulnerable plugin version, which could be significant given WordPress's market share. However, the lack of known exploits and the medium CVSS score suggest the threat is moderate but should not be ignored. The vulnerability may be particularly impactful for organizations handling sensitive or proprietary content where metadata confidentiality is critical.

Until an official patch is released, organizations should implement the following mitigations: 1) Restrict user roles and permissions strictly, ensuring that only trusted users have Subscriber-level or higher access; consider reducing the number of users with such privileges. 2) Monitor and audit user activity logs for unusual access patterns to the Originality.ai plugin or database queries targeting the wp_originalityai_log table. 3) If feasible, disable or remove the Originality.ai AI Checker plugin temporarily to eliminate exposure. 4) Employ web application firewalls (WAFs) with custom rules to detect and block unauthorized calls to the 'ai_get_table' function or related plugin endpoints. 5) Educate users about credential hygiene to prevent account compromise. 6) Stay updated with vendor announcements for patches or updates addressing this vulnerability and apply them promptly once available. 7) Consider isolating the WordPress environment or database access to limit lateral movement if an account is compromised. These steps go beyond generic advice by focusing on access control tightening, monitoring, and proactive plugin management.