CVE-2025-12582 identifies a missing authorization vulnerability (CWE-862) in the Features plugin for WordPress, developed by klicher. The flaw exists in the 'features_revert_option' AJAX endpoint, which lacks proper capability checks to verify if the authenticated user has sufficient privileges to revert plugin options. This vulnerability affects all versions up to and including 0.0.2. An attacker with at least Subscriber-level access can exploit this flaw to revert plugin options without authorization, potentially altering site configurations or undoing security-related settings. The vulnerability has a CVSS 3.1 base score of 4.3 (medium severity), reflecting its limited impact on confidentiality and availability but moderate impact on integrity. The attack vector is network-based, requiring authentication but no user interaction. No patches or known exploits are currently documented, but the risk remains for sites using vulnerable versions. The issue highlights the importance of proper authorization checks in AJAX endpoints, especially in widely used CMS plugins. Organizations relying on this plugin should monitor for updates and consider restricting user permissions to mitigate risk.

For European organizations, this vulnerability can lead to unauthorized modification of WordPress plugin settings by low-privileged authenticated users, potentially undermining site integrity and security posture. While it does not directly expose sensitive data or cause denial of service, unauthorized option reversion could disable security features, revert hardening configurations, or disrupt site functionality. This can increase the attack surface for further exploitation or cause operational disruptions. Organizations with multi-user WordPress environments, especially those allowing Subscriber-level access broadly, are at heightened risk. The impact is more pronounced for entities relying on the Features plugin for critical site configurations, including government, financial, and e-commerce sectors in Europe. Failure to address this vulnerability could lead to compliance issues under GDPR if resulting misconfigurations expose personal data indirectly.

1. Immediately audit user roles and permissions in WordPress to ensure that Subscriber-level users have minimal access and cannot perform sensitive actions. 2. Restrict access to the 'features_revert_option' AJAX endpoint by implementing custom capability checks or using security plugins that enforce granular access control. 3. Monitor AJAX request logs for unusual or unauthorized attempts to revert options, focusing on Subscriber-level accounts. 4. Apply principle of least privilege by limiting the number of users with elevated roles such as Editor or Administrator. 5. Stay alert for official patches or updates from the klicher Features plugin developers and apply them promptly once released. 6. Consider temporarily disabling or replacing the Features plugin if it is not critical to operations until a fix is available. 7. Employ web application firewalls (WAFs) with rules to detect and block suspicious AJAX calls targeting this endpoint. 8. Educate site administrators about this vulnerability and encourage regular security reviews of plugin configurations.