CVE-2025-12038: CWE-863 Incorrect Authorization in wpfolderly Folderly
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.
AI Analysis
Technical Summary
CVE-2025-12038 is a vulnerability classified under CWE-863 (Incorrect Authorization) affecting the Folderly plugin for WordPress, specifically all versions up to and including 0.3. The vulnerability exists due to an insufficient capability check on the REST API endpoint /wp-json/folderly/v1/config/clear-all-data. This endpoint allows authenticated users with Author-level access or higher to clear all data related to terms and categories without proper authorization validation. The flaw enables unauthorized modification of critical site data, potentially disrupting website taxonomy and content organization. The vulnerability does not require user interaction, but it does require authentication with at least Author privileges, which are commonly granted to content creators and editors. The CVSS v3.1 base score is 4.3 (medium severity); the vector is network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). No patches or known exploits are currently reported, but the vulnerability poses a risk of unauthorized data modification that could affect site stability and content integrity. The vulnerability was published on November 1, 2025, and assigned by Wordfence. Organizations using this plugin should be aware of the risk and prepare to apply fixes or implement access controls.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized clearing of important WordPress site data such as terms and categories, which are essential for content classification and navigation. This could disrupt user experience, SEO rankings, and content management workflows. Since the exploit requires only Author-level access, an attacker who compromises or abuses such an account could cause significant data modification without needing administrator privileges. This risk is particularly relevant for organizations with multiple content creators or editors who have Author-level permissions. The impact on confidentiality is minimal, but integrity is affected due to unauthorized data modification. Availability is not impacted directly, but site functionality could be impaired. Organizations relying on Folderly for email deliverability or other plugin features may experience operational disruptions. The medium CVSS score reflects moderate risk, but the ease of exploitation by authenticated users makes it a concern for organizations with less restrictive user role management. European entities in sectors such as media, publishing, e-commerce, and government that use WordPress extensively could face reputational and operational impacts if exploited.
Mitigation Recommendations
1. Immediately audit and restrict Author-level and higher permissions to trusted users only, minimizing the risk of misuse.
2. Monitor REST API calls to /wp-json/folderly/v1/config/clear-all-data for unusual or unauthorized access patterns.
3. Implement Web Application Firewall (WAF) rules to restrict or block access to this specific REST API endpoint for non-administrative users.
4. Disable or remove the Folderly plugin if it is not essential or if no patch is available.
5. Follow vendor communications closely and apply official patches or updates as soon as they are released.
6. Employ multi-factor authentication (MFA) for all users with Author-level or higher privileges to reduce the risk of account compromise.
7. Regularly back up WordPress site data, including terms and categories, to enable quick restoration in case of data loss.
8. Educate content creators and editors about the risks of privilege misuse and encourage reporting of suspicious activity.
9. Review and harden WordPress REST API permissions globally to ensure endpoints are not exposed unnecessarily.
10. Conduct penetration testing focused on REST API authorization to detect similar issues proactively.
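The following is an added example, not the Folderly plugin's code: it shows the WordPress REST authorization pattern behind CWE-863 (a permission_callback that only checks a capability Authors already hold) next to the hardened form, and a site-side guard in the style of a must-use plugin that refuses the affected route to non-administrators until a vendor fix ships (mitigation items 3 and 9). The capability names 'edit_posts' and 'manage_options', the function names, and the logging are assumptions; the real plugin's internals are not on the page.

```php
<?php
// Added example; not the Folderly plugin's own code. Capability names are assumptions.

// Insufficient check (illustrative): Authors hold 'edit_posts', so a site-wide
// destructive action gated on it is reachable by any Author, which is the CWE-863 class.
function folderly_example_weak_permission( WP_REST_Request $request ) {
    return current_user_can( 'edit_posts' );
}

// Hardened check: a site-wide destructive action requires an administrator capability.
// Returning a WP_Error with status 403 makes the REST server reject the request.
function folderly_example_strict_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'rest_forbidden', 'Administrator capability required.', array( 'status' => 403 ) );
    }
    return true;
}

// How the hardened check is wired to a route (hypothetical callback name).
add_action( 'rest_api_init', function () {
    register_rest_route( 'folderly/v1', '/config/clear-all-data', array(
        'methods'             => 'POST',
        'callback'            => 'folderly_example_clear_all_data_handler',
        'permission_callback' => 'folderly_example_strict_permission',
    ) );
} );

// Site-side guard for an unpatched install (drop into wp-content/mu-plugins/).
// rest_request_before_callbacks runs before the route's own permission_callback,
// so returning a WP_Error here blocks the action regardless of the plugin's check.
// Route paths in this filter omit the /wp-json prefix shown in the advisory.
add_filter( 'rest_request_before_callbacks', function ( $response, $handler, $request ) {
    if ( is_wp_error( $response ) ) {
        return $response; // an earlier filter already rejected the request
    }
    $guarded = '/folderly/v1/config/clear-all-data';
    if ( $request->get_route() === $guarded && ! current_user_can( 'manage_options' ) ) {
        // Record the denied attempt so the monitoring in mitigation item 2 has a signal.
        error_log( sprintf( 'folderly guard: user %d denied on %s', get_current_user_id(), $guarded ) );
        return new WP_Error( 'rest_forbidden', 'This action is restricted to administrators.', array( 'status' => 403 ) );
    }
    return $response;
}, 10, 3 );
```

The guard only covers the route named in the advisory; if the vendor patch later changes the route, re-check the path before relying on it.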
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-10-21T18:17:23.009Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69059f2e1e4a8d05dce595d4
Added to database: 11/1/2025, 5:48:30 AM
Last enriched: 11/10/2025, 2:33:57 AM
Last updated: 12/13/2025, 10:55:58 AM