CVE-2025-12582 is a vulnerability identified in the Features plugin for WordPress, developed by klicher, affecting all versions up to and including 0.0.2. The core issue is a missing authorization check on the 'features_revert_option' AJAX endpoint, which is intended to allow reverting plugin options to previous states. Due to the lack of proper capability verification, any authenticated user with Subscriber-level privileges or higher can invoke this endpoint to revert options without appropriate permissions. This vulnerability falls under CWE-862 (Missing Authorization), indicating that the system fails to restrict access to sensitive functionality properly. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L), and only low privileges (PR:L) are needed, with no user interaction (UI:N). The scope remains unchanged (S:U), and the impact affects integrity (I:L) but not confidentiality or availability. Although no exploits have been reported in the wild, the vulnerability could be leveraged to disrupt site configurations or revert security settings, potentially weakening the overall security posture of affected WordPress sites. The vulnerability was published on November 5, 2025, with a CVSS 3.1 base score of 4.3, categorized as medium severity. No patches have been linked yet, so mitigation currently relies on access control and monitoring.

For European organizations, this vulnerability poses a risk primarily to the integrity of WordPress sites using the Features plugin. Unauthorized reversion of plugin options could lead to misconfiguration, potentially disabling security features or altering site behavior in ways that facilitate further attacks or operational disruptions. While confidentiality and availability are not directly impacted, integrity compromises can cascade into broader security issues, especially if reverted options disable protective controls or introduce vulnerabilities. Organizations relying on WordPress for critical business functions, particularly SMEs and digital service providers, may face operational risks and reputational damage if attackers exploit this flaw. The requirement for only Subscriber-level access means that even low-privileged users or compromised accounts could be leveraged, increasing the threat surface. Given the widespread use of WordPress across Europe, especially in countries with large SME sectors, the impact could be significant if not addressed promptly.

1. Immediately review and restrict user roles and permissions within WordPress, minimizing Subscriber-level accounts and ensuring that only trusted users have access. 2. Monitor and log AJAX requests to the 'features_revert_option' endpoint to detect unusual or unauthorized activity. 3. Implement Web Application Firewall (WAF) rules to block or alert on suspicious calls to this AJAX endpoint. 4. Follow the klicher vendor announcements closely and apply official patches or updates as soon as they become available. 5. Consider temporarily disabling or removing the Features plugin if it is not critical to operations until a patch is released. 6. Conduct regular audits of plugin configurations and site integrity to detect unauthorized changes early. 7. Educate site administrators about the risks of low-privilege account misuse and enforce strong authentication and account management policies. 8. Use security plugins that can enforce granular capability checks or restrict AJAX endpoint access beyond default WordPress capabilities.