CVE-2025-12170 is a vulnerability identified in the Checkbox plugin for WordPress, developed by bandido, affecting all versions up to and including 2.8.10. The root cause is a missing authorization check (CWE-862) on the AJAX endpoint 'wp_ajax_nopriv_checkbox_clean_log', which is accessible without authentication. This endpoint allows clearing of log files maintained by the plugin. Because there is no capability verification, unauthenticated attackers can invoke this endpoint remotely to delete logs, resulting in unauthorized loss of data integrity. The vulnerability does not expose confidential information nor does it affect system availability directly, but by erasing logs, it impairs the ability to audit or investigate security events, potentially masking malicious activity. The CVSS 3.1 base score is 5.3, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and limited impact confined to integrity loss. No patches or exploits are currently documented, but the vulnerability is publicly disclosed and should be addressed promptly. The plugin is widely used in WordPress environments, making this a relevant concern for many websites relying on Checkbox for logging or related functionality.

The primary impact of this vulnerability is the unauthorized deletion of log files, which compromises the integrity of security and operational logs. This can severely hinder incident response efforts, forensic investigations, and auditing processes, as attackers can erase traces of their activities or other critical events. Although it does not directly affect confidentiality or availability, the loss of logs can indirectly facilitate further attacks by obscuring attacker behavior. Organizations relying on Checkbox logs for monitoring or compliance may face increased risk of undetected breaches or failure to meet regulatory requirements. The ease of exploitation without authentication increases the threat surface, especially for publicly accessible WordPress sites using the vulnerable plugin. This can affect small to large organizations globally, particularly those with high web presence or compliance obligations.

To mitigate this vulnerability, organizations should immediately update the Checkbox plugin to a version that includes proper authorization checks once available. In the absence of an official patch, administrators can implement web application firewall (WAF) rules to block unauthorized access to the 'wp_ajax_nopriv_checkbox_clean_log' endpoint. Restricting access to this AJAX endpoint by IP address or requiring authentication via custom code modifications can also reduce risk. Regularly backing up log files to secure, offsite locations ensures recovery in case of deletion. Monitoring web server and application logs for suspicious requests targeting this endpoint can help detect exploitation attempts. Additionally, organizations should review their incident response and logging policies to account for potential log tampering and ensure alternative logging mechanisms are in place.