The vulnerability identified as CVE-2025-12720 affects the garidium g-FFL Cockpit plugin for WordPress, specifically versions up to 1.7.1. The root cause is an improper authorization mechanism (CWE-285) where the plugin relies on IP-based authorization checks within the handle_enqueue_only() function. Since IP addresses can be spoofed, an unauthenticated attacker can bypass these checks and perform unauthorized actions, notably the deletion of arbitrary products managed by the plugin. This results in a direct integrity impact, as product data can be maliciously altered or removed without any authentication or user interaction. The CVSS v3.1 base score is 5.3, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), integrity impact (I:L), and no availability impact (A:N). Although no public exploits are currently known, the vulnerability poses a tangible risk to WordPress sites using this plugin, particularly those that manage product inventories or e-commerce catalogs. The absence of patch links suggests that a fix may not yet be available, increasing the urgency for mitigation measures.

For European organizations, especially those operating e-commerce platforms or product catalogs on WordPress with the garidium g-FFL Cockpit plugin, this vulnerability can lead to unauthorized deletion of product data, causing operational disruption and potential financial loss. The integrity compromise may undermine customer trust and damage brand reputation. While confidentiality and availability are not directly affected, the loss or manipulation of product information can interrupt business processes and require costly recovery efforts. Organizations with high reliance on accurate product data, such as retailers and distributors, face increased risk. Additionally, the ease of exploitation without authentication or user interaction means attackers can automate attacks at scale, potentially impacting multiple organizations across Europe. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability becomes widely known.

Since no official patch is currently available, European organizations should implement compensating controls to mitigate this vulnerability. These include restricting access to the WordPress admin and plugin endpoints via IP whitelisting at the web server or firewall level, employing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the handle_enqueue_only() function or product deletion actions. Monitoring and logging all administrative actions related to product management can help detect unauthorized deletions early. Organizations should also consider temporarily disabling or uninstalling the g-FFL Cockpit plugin if feasible until a patch is released. Regular backups of product data are critical to enable rapid restoration in case of data loss. Finally, maintaining up-to-date WordPress core and plugins, and subscribing to vendor security advisories, will help ensure timely application of future patches.