
CVE-2025-12681: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ronalfy Comment Edit Core – Simple Comment Editing

Severity: Medium
Published: Thu Nov 13 2025 (11/13/2025, 07:27:53 UTC)
Source: CVE Database V5
Vendor/Project: ronalfy
Product: Comment Edit Core – Simple Comment Editing

Description

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP addresses, and email addresses.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 20:59:43 UTC

Technical Analysis

CVE-2025-12681 is a vulnerability classified under CWE-200, indicating exposure of sensitive information to unauthorized actors. It affects the 'Comment Edit Core – Simple Comment Editing' plugin for WordPress, specifically versions up to and including 3.1.0. The vulnerability resides in the 'ajax_get_comment' function, which is accessible without authentication. This function improperly exposes sensitive user data such as user IDs, IP addresses, and email addresses to unauthenticated attackers. The flaw arises due to insufficient access controls on AJAX endpoints, allowing attackers to retrieve data that should be restricted. The vulnerability has a CVSS 3.1 base score of 5.3, reflecting medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is unchanged, affecting only confidentiality without impacting integrity or availability. No patches are currently linked, and no known exploits have been observed in the wild. Given the widespread use of WordPress and the popularity of comment editing plugins, this vulnerability poses a notable risk to website operators and their users. Attackers could leverage the exposed data for reconnaissance, targeted phishing, or further exploitation of user accounts.

Potential Impact

The primary impact of CVE-2025-12681 is the unauthorized disclosure of sensitive user information, including user IDs, IP addresses, and email addresses. This breach of confidentiality can lead to privacy violations and undermine user trust. Exposed email addresses and IPs can be used for spear-phishing campaigns, social engineering, or brute force attacks against user accounts. While the vulnerability does not allow direct modification or disruption of site content, the information leakage can facilitate secondary attacks that compromise integrity or availability. Organizations operating WordPress sites with this plugin risk reputational damage, potential regulatory penalties related to data protection laws (e.g., GDPR), and increased exposure to targeted cyberattacks. The ease of exploitation without authentication and user interaction increases the likelihood of automated scanning and data harvesting by malicious actors.

Mitigation Recommendations

1. Immediately disable or uninstall the 'Comment Edit Core – Simple Comment Editing' plugin until a secure patched version is released.
2. If disabling the plugin is not feasible, restrict access to the vulnerable AJAX endpoint ('ajax_get_comment') by implementing IP whitelisting or authentication checks at the web server or application firewall level.
3. Monitor web server logs for unusual or repeated access attempts to the AJAX endpoint to detect potential exploitation attempts.
4. Educate site administrators on the risks of exposing sensitive data via plugins and encourage regular plugin updates and security audits.
5. Implement web application firewalls (WAFs) with rules to block unauthenticated access to sensitive AJAX functions.
6. Once a patch is available, apply it promptly and verify that the vulnerability is resolved by testing access controls on the AJAX endpoints.
7. Review and minimize the amount of sensitive data exposed through plugins and APIs to reduce attack surface.
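The log monitoring in step 3, as an added example (not from the advisory or the plugin): it flags clients that pull many distinct comments through the AJAX handler. It assumes the handler is reached through WordPress's standard `/wp-admin/admin-ajax.php` with the action in the query string; the action name, the `comment_id` parameter and the threshold are placeholders, since the page gives none of them.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Placeholder: the page names the PHP function ('ajax_get_comment') but not the
# AJAX action string; set this to the action your installed plugin registers.
ACTION = "PLACEHOLDER_GET_COMMENT_ACTION"
AJAX_PATH = "/wp-admin/admin-ajax.php"
THRESHOLD = 3  # assumed: distinct comment IDs per client before flagging

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_harvesters(lines, action=ACTION, threshold=THRESHOLD):
    """Return {client_ip: sorted comment IDs} for clients that successfully
    fetched at least `threshold` distinct comments via the AJAX action."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != AJAX_PATH or status != "200":
            continue
        query = parse_qs(url.query)
        if action not in query.get("action", []):
            continue  # some other AJAX action, e.g. heartbeat
        for cid in query.get("comment_id", []):  # assumed parameter name
            if cid.isdigit():
                seen[ip].add(int(cid))
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}

def _line(ip, query, status=200):
    return (f'{ip} - - [13/Nov/2025:09:00:00 +0000] '
            f'"GET {AJAX_PATH}?{query} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"action={ACTION}&comment_id={i}") for i in range(101, 106)]
    + [_line("198.51.100.20", f"action={ACTION}&comment_id=42")]
    + [_line("198.51.100.21", "action=heartbeat")] * 4
    + ["not a log line"]
)

if __name__ == "__main__":
    for ip, ids in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip} fetched {len(ids)} distinct comments: {ids}")
```

Parameters sent in a POST body do not appear in access logs, so pair this with WAF or application-level logging if the action is invoked that way.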


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-11-04T00:25:24.942Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 691590f26cb36fb34fdfdf50

Added to database: 11/13/2025, 8:04:02 AM

Last enriched: 2/27/2026, 8:59:43 PM

Last updated: 3/24/2026, 3:18:53 PM
