
CVE-2025-12354: CWE-862 Missing Authorization in dojodigital Live CSS Preview

Severity: Medium
Published: Fri Dec 05 2025 (12/05/2025, 06:07:18 UTC)
Source: CVE Database V5
Vendor/Project: dojodigital
Product: Live CSS Preview

Description

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's css setting.

AI-Powered Analysis

Last updated: 12/12/2025, 07:15:38 UTC

Technical Analysis

CVE-2025-12354 identifies a missing authorization vulnerability (CWE-862) in the Live CSS Preview plugin for WordPress, maintained by dojodigital. The plugin's AJAX endpoint 'wp_ajax_frontend_save' performs no capability check, so any authenticated user with Subscriber-level privileges or higher can modify the plugin's CSS setting. A low-privilege account can therefore change site-wide styling, which alters the website's appearance and could be used for UI-based deception such as phishing overlays or misleading page elements. All versions up to and including 2.0.0 are affected, and no patch is currently available. The CVSS 3.1 base score is 4.3 (medium): network attack vector, low attack complexity, privileges required, no user interaction, and an impact on integrity only. Confidentiality and availability are unaffected, but the integrity impact can have downstream consequences for user trust and site credibility. No exploitation in the wild has been observed, but the flaw's presence in a widely installed WordPress plugin makes it a notable risk. The CVE was reserved in late October 2025 and published in early December 2025. WordPress is prevalent across many European organizations, especially those relying on it for content management and e-commerce. With no patch available, mitigation steps are needed now to prevent unauthorized CSS changes that could be leveraged for social engineering or UI manipulation.

Potential Impact

For European organizations, this vulnerability primarily threatens the integrity of web content managed via the Live CSS Preview plugin. Unauthorized CSS modifications can lead to visual defacement, misleading UI elements, or the insertion of malicious styles that facilitate phishing or user deception. This can damage brand reputation, reduce user trust, and potentially lead to indirect data compromise if users are tricked into divulging sensitive information. Since the vulnerability requires authenticated access at Subscriber level or above, attackers may exploit compromised or weak user credentials to gain entry. Organizations with public-facing WordPress sites using this plugin are at risk, especially those in sectors like e-commerce, government, and media where website integrity is critical. The impact on availability and confidentiality is negligible, but the integrity compromise can have cascading effects on business operations and compliance with data protection regulations such as GDPR if user trust is eroded. Given the widespread use of WordPress in Europe, the vulnerability could affect a broad range of organizations, particularly in countries with high WordPress market penetration.

Mitigation Recommendations

1. Immediately restrict access to the Live CSS Preview plugin's administrative and AJAX endpoints by limiting Subscriber-level user permissions, or disable the plugin if it is not essential.
2. Implement strict user role management and enforce strong authentication policies to reduce the risk of credential compromise for low-privilege users.
3. Monitor web server and WordPress logs for unusual AJAX requests to 'wp_ajax_frontend_save' that could indicate exploitation attempts.
4. Use Web Application Firewalls (WAFs) to detect and block unauthorized modification attempts targeting the vulnerable endpoint.
5. Educate site administrators and users about the risks of unauthorized CSS changes and encourage regular audits of plugin configurations and user permissions.
6. Stay alert for official patches or updates from dojodigital and apply them promptly once released.
7. Consider deploying Content Security Policy (CSP) headers to limit the impact of malicious CSS injections.
8. For critical sites, consider isolating or sandboxing the plugin functionality to minimize potential damage from exploitation.
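An added detection example for recommendation 3 (not code from the advisory or from the plugin): it scans combined-format web server access log lines for calls to /wp-admin/admin-ajax.php whose `action` parameter is `frontend_save`, the request form that fires the `wp_ajax_frontend_save` hook, and counts them per client IP. The log lines are constructed for this example; when the action is sent in a POST body instead of the query string, a plain access log will not show it and request-body logging (WAF or ModSecurity audit log) is needed.

```python
"""Count admin-ajax.php requests carrying the Live CSS Preview save action.

Added example, not part of the advisory or the plugin. Parses combined-format
access log lines; the action is only visible when it travels in the query
string (POST bodies are not recorded in a standard access log).
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# AJAX actions to watch; frontend_save is the action behind wp_ajax_frontend_save
WATCHED_ACTIONS = {"frontend_save"}

# Sample log lines constructed for this example (documentation IP ranges)
SAMPLE_LOG = """\
203.0.113.5 - - [05/Dec/2025:06:10:01 +0000] "POST /wp-admin/admin-ajax.php?action=frontend_save HTTP/1.1" 200 51
203.0.113.5 - - [05/Dec/2025:06:10:03 +0000] "POST /wp-admin/admin-ajax.php?action=frontend_save HTTP/1.1" 200 51
198.51.100.7 - - [05/Dec/2025:06:11:17 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 95
198.51.100.7 - - [05/Dec/2025:06:12:40 +0000] "GET /wp-admin/admin-ajax.php?action=frontend_save HTTP/1.1" 400 1
192.0.2.9 - - [05/Dec/2025:06:13:00 +0000] "GET /blog/ HTTP/1.1" 200 7311
"""


def parse_line(line):
    """Return (ip, method, path, action, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # admin-ajax.php reads the action from $_REQUEST, so GET and POST both count
    action = parse_qs(parts.query).get("action", [None])[0]
    return m.group("ip"), m.group("method"), parts.path, action, int(m.group("status"))


def find_save_attempts(log_text):
    """Map client IP -> number of admin-ajax.php calls with a watched action."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, _method, path, action, _status = rec
        if path.endswith("/admin-ajax.php") and action in WATCHED_ACTIONS:
            hits[ip] += 1
    return hits


if __name__ == "__main__":
    for ip, count in find_save_attempts(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} frontend_save request(s)")
```

Any hit from an account that should never edit site CSS is worth reviewing; rejected requests (non-200 status) are counted too, since attempts matter as much as successes here.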


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-10-27T15:17:32.188Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69327c01f88dbe026c7c158f

Added to database: 12/5/2025, 6:30:25 AM

Last enriched: 12/12/2025, 7:15:38 AM

Last updated: 1/19/2026, 8:40:35 PM