CVE-2025-12167: CWE-862 Missing Authorization in rnzo Contact Form 7 AWeber Extension
The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_aweber_logreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the AWeber logs.
AI Analysis
Technical Summary
CVE-2025-12167 is a vulnerability identified in the rnzo Contact Form 7 AWeber Extension plugin for WordPress, affecting all versions up to and including 0.1.42. The issue stems from a missing authorization check (CWE-862) on the AJAX endpoint 'wp_ajax_aweber_logreset', which is intended to reset AWeber logs. This endpoint can be reached by any authenticated user with at least Subscriber-level privileges, the lowest default role on WordPress sites. Because the plugin fails to verify whether the user has the appropriate capability to perform this action, an attacker with minimal access can reset logs without proper authorization. The vulnerability has a CVSS 3.1 base score of 4.3, indicating medium severity, with a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), limited integrity impact (I:L), and no availability impact (A:N). The primary risk is the unauthorized modification of log data, which could be leveraged to erase evidence of malicious activity or interfere with audit processes. No patches or fixes have been published at the time of disclosure, and no active exploitation has been reported. The vulnerability is relevant to any WordPress site using this plugin, which integrates Contact Form 7 with AWeber email marketing services.
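The following is an added illustration of the CWE-862 pattern described above and its fix; it is not the plugin's own code. Only the hook name wp_ajax_aweber_logreset comes from the advisory; the option key 'aweber_log', the script handle 'aweber-admin' and the choice of the manage_options capability are assumptions.

```php
<?php
// Added illustration, not the plugin's code. The hook name
// wp_ajax_aweber_logreset is from the advisory; the option key
// 'aweber_log' and the capability choice are assumptions.

// BEFORE (the CWE-862 pattern): WordPress runs wp_ajax_* hooks for any
// logged-in user, so with no capability check every Subscriber can
// clear the log through admin-ajax.php?action=aweber_logreset.
function aweber_logreset_vulnerable() {
    delete_option( 'aweber_log' );   // assumed storage for the log
    wp_send_json_success( 'log reset' );
}
// add_action( 'wp_ajax_aweber_logreset', 'aweber_logreset_vulnerable' );

// AFTER: authorization first, then CSRF protection, then the action.
function aweber_logreset_hardened() {
    // 1. Authorization (this is the missing check). Use the capability
    //    that matches the operation; clearing an integration's log is
    //    an administrative task.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // 2. Anti-CSRF nonce. A nonce proves the request came from the
    //    plugin's own admin page, not that the caller is privileged,
    //    so it never replaces the capability check above.
    check_ajax_referer( 'aweber_logreset', 'nonce' );

    delete_option( 'aweber_log' );
    wp_send_json_success( 'log reset' );
}
add_action( 'wp_ajax_aweber_logreset', 'aweber_logreset_hardened' );
// Deliberately no wp_ajax_nopriv_ registration: unauthenticated
// callers should never reach this handler at all.

// Hand the nonce to the admin page script (handle 'aweber-admin' is
// assumed) so legitimate requests can send it as the 'nonce' field.
function aweber_logreset_enqueue( $hook ) {
    wp_localize_script( 'aweber-admin', 'aweberReset', array(
        'nonce' => wp_create_nonce( 'aweber_logreset' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'aweber_logreset_enqueue' );
```

The same two-step check (capability, then nonce) applies to any wp_ajax_* handler that changes state; a request missing either should be rejected before any data is touched.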
Potential Impact
The vulnerability allows attackers with Subscriber-level access or higher to reset AWeber logs without authorization, compromising the integrity of log data. This can hinder incident response and forensic investigations by erasing or altering records of plugin activity. While it does not directly expose sensitive data or disrupt service availability, the ability to manipulate logs can facilitate stealthy attacks or cover tracks after other malicious actions. Organizations relying on these logs for compliance, auditing, or security monitoring may face increased risk of undetected compromise. Since Subscriber-level access is relatively low privilege, the attack surface is broader than vulnerabilities requiring administrator rights. The impact is particularly significant for sites that depend on accurate logging for security or regulatory reasons. However, the lack of known exploits and the medium CVSS score suggest the threat is moderate but should not be ignored.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately review and restrict user roles and permissions, ensuring that Subscriber-level users are limited and monitored closely. Implement strict access controls to minimize the number of users with authenticated access. Employ Web Application Firewalls (WAFs) to detect and block unauthorized AJAX requests targeting the 'wp_ajax_aweber_logreset' endpoint. Monitor logs for unusual reset activities or repeated access to this endpoint. Until an official patch is released, consider temporarily disabling or removing the Contact Form 7 AWeber Extension plugin if feasible. Additionally, site administrators should keep WordPress core and all plugins updated and subscribe to vendor advisories for timely patch deployment. Implementing multi-factor authentication (MFA) can reduce the risk of compromised accounts being used to exploit this flaw. Finally, conduct regular security audits and log integrity checks to detect tampering.
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-10-24T14:19:43.666Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690ebeaf3a8fd010ecf6422f
Added to database: 11/8/2025, 3:53:19 AM
Last enriched: 2/27/2026, 8:14:59 PM
Last updated: 3/25/2026, 4:24:43 AM