CVE-2025-12579 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Reuters Direct plugin for WordPress, developed by rnags. The flaw exists in all versions up to and including 3.0.0, where the plugin fails to perform a capability check on the 'logoff' action. This missing authorization allows unauthenticated attackers to invoke the 'logoff' action remotely, which results in resetting the plugin’s settings to default or undesired states. The vulnerability is exploitable over the network without requiring any authentication or user interaction, making it accessible to any remote attacker. The CVSS v3.1 base score is 5.3 (medium severity), reflecting that while the vulnerability does not disclose sensitive data or cause denial of service, it allows unauthorized modification of plugin configuration, impacting integrity. No patches or fixes have been published yet, and no known exploits have been reported in the wild. The Reuters Direct plugin is typically used by media and news organizations to integrate Reuters content into WordPress sites, making the integrity of its configuration critical for reliable content delivery and site operation. Attackers exploiting this vulnerability could disrupt content feeds or manipulate plugin behavior, potentially leading to misinformation or operational issues.

The primary impact of CVE-2025-12579 is unauthorized modification of the Reuters Direct plugin settings, which compromises the integrity of the plugin’s configuration. This could lead to disruption of news content delivery, incorrect or missing data feeds, or altered plugin behavior that affects website functionality. Although confidentiality and availability are not directly impacted, the integrity breach can have downstream effects such as loss of trust, reputational damage, and operational interruptions for organizations relying on Reuters Direct for timely and accurate news content. Since exploitation requires no authentication and can be performed remotely, the attack surface is broad, increasing the risk for any WordPress site using the vulnerable plugin. Media companies, news agencies, and other organizations integrating Reuters content are particularly vulnerable, as unauthorized changes could affect their public-facing information channels. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant risk until patched.

1. Monitor for official patches or updates from rnags for the Reuters Direct plugin and apply them immediately upon release. 2. Until a patch is available, restrict access to the plugin’s endpoints by implementing web application firewall (WAF) rules that block unauthorized requests to the 'logoff' action or related plugin URLs. 3. Employ IP whitelisting or VPN access controls for administrative interfaces to limit exposure to trusted users only. 4. Regularly audit WordPress plugin configurations and logs for unauthorized changes or suspicious activity related to Reuters Direct. 5. Consider disabling or removing the Reuters Direct plugin if it is not essential, or replace it with alternative solutions that have stronger security controls. 6. Educate site administrators about this vulnerability to ensure prompt detection and response to any anomalous behavior. 7. Implement a robust backup and recovery strategy to restore plugin settings quickly if unauthorized modifications occur.