CVE-2025-12558 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) found in the Beaver Builder Page Builder plugin for WordPress, a widely used drag-and-drop website builder. The flaw exists in the 'get_attachment_sizes' function, which improperly exposes sensitive information related to private attachments. Authenticated users with Contributor-level permissions or higher can exploit this vulnerability to extract sensitive data such as file paths and metadata of private attachments that should otherwise remain inaccessible. This exposure could allow attackers to identify and potentially access private files, leading to confidentiality breaches. The vulnerability affects all versions up to and including 2.9.4. The CVSS v3.1 base score is 4.3 (medium severity), reflecting that the attack vector is network-based, requires low attack complexity, and privileges at the Contributor level, but does not require user interaction. The impact is limited to confidentiality, with no direct effect on integrity or availability. No patches were linked at the time of disclosure, and no known exploits have been reported in the wild. Given the plugin’s popularity in WordPress ecosystems, this vulnerability poses a risk to websites relying on Beaver Builder for content management, especially those hosting sensitive or private media. Attackers exploiting this flaw could gather information useful for further attacks or data leakage.

For European organizations, the exposure of sensitive attachment metadata and file paths can lead to unauthorized disclosure of confidential information, potentially violating data protection regulations such as GDPR. This could result in reputational damage, legal penalties, and loss of customer trust. Organizations using Beaver Builder to manage websites with private or sensitive content are at risk of data leakage if Contributor-level access is granted to untrusted users or if accounts are compromised. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach could facilitate further attacks, such as targeted phishing or social engineering. The impact is particularly significant for sectors handling sensitive data, including finance, healthcare, and government institutions. Additionally, the ease of exploitation and network accessibility increase the likelihood of exploitation if mitigations are not applied promptly.

European organizations should immediately audit user roles and permissions within their WordPress installations, ensuring that Contributor-level access is granted only to trusted users. Restricting or reviewing Contributor and higher privileges can reduce the attack surface. Monitoring and logging access to attachment metadata and private files can help detect suspicious activity. Organizations should stay vigilant for official patches or updates from Beaver Builder and apply them promptly once released. In the absence of a patch, consider implementing web application firewall (WAF) rules to block or monitor requests targeting the 'get_attachment_sizes' function or related endpoints. Additionally, limiting plugin usage to the minimum necessary and conducting regular security assessments of WordPress plugins can reduce exposure. Educating administrators and users about the risks of privilege escalation and sensitive data exposure is also recommended.