
CVE-2025-12172: CWE-352 Cross-Site Request Forgery (CSRF) in mailchimp Mailchimp List Subscribe Form

Severity: Medium
Tags: Vulnerability, CVE-2025-12172, cve, cve-2025-12172, cwe-352
Published: Thu Feb 19 2026 (02/19/2026, 03:25:12 UTC)
Source: CVE Database V5
Vendor/Project: mailchimp
Product: Mailchimp List Subscribe Form

Description

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

Last updated: 02/19/2026, 04:29:58 UTC

Technical Analysis

CVE-2025-12172 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Mailchimp List Subscribe Form plugin for WordPress, affecting all versions up to and including 2.0.0. The vulnerability stems from the absence or improper implementation of nonce validation in the mailchimp_sf_change_list_if_necessary() function. Nonces are security tokens used to verify that requests originate from legitimate users and not from malicious third parties. Without proper nonce checks, an attacker can craft a malicious web request that, if executed by an authenticated site administrator (e.g., by clicking a link), can alter Mailchimp list configurations without the administrator's consent. This attack vector requires no authentication on the attacker’s part but does require user interaction from a privileged user. The vulnerability impacts the integrity of the Mailchimp list data by allowing unauthorized changes, potentially disrupting marketing campaigns or causing data inconsistencies. The CVSS v3.1 base score is 4.3 (medium), reflecting the limited impact on confidentiality and availability, the ease of exploitation, and the requirement for user interaction. No public exploits have been reported to date, but the vulnerability remains a risk for sites using this plugin. The lack of a patch link indicates that a fix may not yet be publicly available, emphasizing the need for interim mitigations.

Potential Impact

For European organizations, this vulnerability primarily threatens the integrity of marketing and subscriber data managed through Mailchimp lists on WordPress sites. Unauthorized changes to subscriber lists could lead to misdirected communications, loss of subscriber trust, or disruption of marketing workflows. While confidentiality and availability are not directly impacted, the manipulation of list data could indirectly affect business operations and reputation. Organizations relying heavily on digital marketing and customer engagement via Mailchimp integrated with WordPress are at higher risk. Additionally, if attackers leverage this vulnerability in targeted phishing campaigns, it could facilitate broader social engineering attacks. The requirement for administrator interaction means that organizations with strong user awareness and phishing defenses may reduce risk, but those without such measures remain vulnerable. The medium severity score suggests that while the threat is not critical, it should not be ignored, especially in sectors where marketing data integrity is crucial.

Mitigation Recommendations

1. Monitor for and apply updates from the Mailchimp List Subscribe Form plugin vendor as soon as patches become available.
2. Until a patch is released, implement custom nonce validation in the mailchimp_sf_change_list_if_necessary() function or use Web Application Firewalls (WAFs) to detect and block suspicious CSRF attempts targeting this endpoint.
3. Educate WordPress site administrators about the risks of clicking unsolicited links, especially those that could trigger administrative actions.
4. Limit administrative privileges to only necessary personnel and consider multi-factor authentication (MFA) to reduce the risk of compromised accounts.
5. Regularly audit Mailchimp list configurations and logs for unauthorized changes to detect potential exploitation early.
6. Employ Content Security Policy (CSP) headers and SameSite cookie attributes to reduce the risk of CSRF attacks.
7. Consider temporarily disabling or restricting the vulnerable plugin functionality if feasible until a patch is available.
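As an added illustration of the nonce validation that item 2 calls for, the following is a hypothetical WordPress admin-post handler that changes a Mailchimp list setting, shown in a vulnerable form and a hardened form. This is example code written for this page, not the plugin's own code; the `mcsf_*` names, the `mcsf_list_id` option key and the form markup are assumptions.

```php
<?php
// Added example (not the plugin's code): a WordPress list-change handler
// without and with the nonce/capability checks that block CSRF.
// All mcsf_* names and the 'mcsf_list_id' option key are hypothetical.

// Form side: embed a nonce bound to one named action and the current session.
function mcsf_render_list_form( $lists ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="mcsf_change_list">';
    wp_nonce_field( 'mcsf_change_list', 'mcsf_nonce' ); // hidden nonce input
    echo '<select name="mc_list_id">';
    foreach ( $lists as $id => $name ) {
        printf( '<option value="%s">%s</option>', esc_attr( $id ), esc_html( $name ) );
    }
    echo '</select><button type="submit">Save</button></form>';
}

// VULNERABLE pattern: any request carrying the field is honoured, so a page
// on another origin can submit it using the administrator's cookies.
function mcsf_change_list_unsafe() {
    if ( isset( $_POST['mc_list_id'] ) ) {
        update_option( 'mcsf_list_id', sanitize_text_field( wp_unslash( $_POST['mc_list_id'] ) ) );
    }
}

// HARDENED pattern: require the right capability and a nonce valid for this
// action; a forged cross-site request cannot know the nonce value.
function mcsf_change_list_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $nonce = isset( $_POST['mcsf_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['mcsf_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'mcsf_change_list' ) ) {
        wp_die( 'Security check failed.', '', array( 'response' => 403 ) );
    }
    if ( isset( $_POST['mc_list_id'] ) ) {
        update_option( 'mcsf_list_id', sanitize_text_field( wp_unslash( $_POST['mc_list_id'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=mcsf&updated=1' ) );
    exit;
}
add_action( 'admin_post_mcsf_change_list', 'mcsf_change_list_safe' );
```

The nonce is only a CSRF token, not an authorization check, which is why the capability test stays alongside it.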


Technical Details

Data Version
5.2
Assigner Short Name
Wordfence
Date Reserved
2025-10-24T14:55:13.389Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69968d636aea4a407a3900d5

Added to database: 2/19/2026, 4:11:15 AM

Last enriched: 2/19/2026, 4:29:58 AM

Last updated: 2/21/2026, 12:18:23 AM

