CVE-2025-12350 is a vulnerability identified in the DominoKit plugin for WordPress, specifically due to a missing authorization check on the AJAX endpoint wp_ajax_nopriv_dominokit_option_admin_action. This endpoint is accessible without authentication (nopriv), and the plugin fails to verify whether the requester has the necessary capabilities to perform administrative actions. As a result, unauthenticated attackers can invoke this AJAX action to update plugin settings arbitrarily. The vulnerability affects all versions up to and including 1.1.0 of DominoKit. The CVSS 3.1 base score is 5.3, reflecting a medium severity with an attack vector of network (remote), low attack complexity, no privileges required, and no user interaction needed. The impact is limited to integrity, as attackers can modify plugin settings but cannot directly access or disrupt data confidentiality or availability. No known exploits have been reported in the wild, and no patches have been published at the time of disclosure. The vulnerability is classified under CWE-862 (Missing Authorization). Since the plugin is a WordPress extension, the threat surface includes any WordPress installation using DominoKit, which is popular for certain administrative or functional enhancements. Exploitation could facilitate further attacks by altering plugin behavior or enabling persistence mechanisms.

For European organizations, this vulnerability poses a risk primarily to the integrity of WordPress environments using the DominoKit plugin. Unauthorized modification of plugin settings could lead to misconfigurations that weaken security controls, enable privilege escalation, or facilitate the deployment of malicious payloads. While the vulnerability does not directly compromise confidentiality or availability, it can serve as a foothold for attackers to conduct more damaging activities. Organizations relying on DominoKit for critical website functions or administrative tasks may experience operational disruptions or reputational damage if attackers exploit this flaw. Given the widespread use of WordPress across Europe, especially in SMEs and public sector entities, the potential for exploitation exists wherever DominoKit is deployed. The absence of authentication requirements and user interaction lowers the barrier for attackers, increasing the likelihood of opportunistic attacks. However, the lack of known exploits in the wild suggests limited active targeting at present.

1. Monitor the DominoKit plugin vendor’s official channels for security updates and apply patches immediately once released. 2. Until a patch is available, implement web application firewall (WAF) rules to block or restrict access to the wp_ajax_nopriv_dominokit_option_admin_action endpoint, allowing only trusted IP addresses or authenticated users. 3. Conduct an audit of WordPress installations to identify the presence and version of DominoKit and prioritize remediation accordingly. 4. Employ principle of least privilege by reviewing and minimizing plugin capabilities and administrative access within WordPress. 5. Enable logging and monitoring of AJAX requests to detect suspicious activity targeting the vulnerable endpoint. 6. Consider disabling or removing the DominoKit plugin if it is not essential to reduce attack surface. 7. Educate site administrators about the risk and encourage prompt response to security advisories. 8. Use security plugins that can enforce additional authorization checks or block unauthorized AJAX calls.