CVE-2025-12720: CWE-285 Improper Authorization in garidium g-FFL Cockpit
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-12720 affects the garidium g-FFL Cockpit plugin for WordPress, specifically all versions up to 1.7.1. The root cause is an improper authorization mechanism (CWE-285) where the plugin relies on IP-based authorization checks within the handle_enqueue_only() function. This IP-based control can be spoofed by unauthenticated attackers, allowing them to bypass authorization and perform unauthorized actions. The primary impact is the ability to delete arbitrary products managed by the plugin, compromising data integrity. The vulnerability does not affect confidentiality or availability directly, nor does it require user interaction or authentication, making it easier to exploit remotely. The CVSS 3.1 base score of 5.3 reflects these factors: network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), integrity impact (I:L), and no availability impact (A:N). No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability is significant for WordPress sites using this plugin, particularly those managing product data, such as e-commerce platforms.
Potential Impact
For European organizations, especially those operating e-commerce websites using the garidium g-FFL Cockpit plugin, this vulnerability poses a risk to the integrity of product data. Unauthorized deletion of products can disrupt business operations, cause financial losses, and damage customer trust. Although there is no direct impact on confidentiality or availability, the integrity breach can lead to inventory inaccuracies, order fulfillment issues, and potential regulatory compliance challenges related to data accuracy. The ease of exploitation without authentication increases the threat level, making it attractive for attackers aiming to cause disruption or sabotage. Organizations relying on this plugin should consider the risk of targeted attacks or opportunistic exploitation, particularly in sectors with high online sales volumes.
Mitigation Recommendations
1. Monitor the vendor’s official channels for patches or updates addressing CVE-2025-12720 and apply them promptly once available.
2. Until patches are released, restrict access to the plugin’s endpoints by IP whitelisting or firewall rules to limit exposure to trusted networks only. Because the flaw is a spoofable IP check inside the application, such restrictions must be enforced at the network or firewall layer on the actual connection source address, not on a request header the client can set.
3. Implement Web Application Firewall (WAF) rules to detect and block suspicious requests attempting to spoof IP addresses or invoke the vulnerable function.
4. Conduct regular audits of product data integrity to quickly identify unauthorized deletions or modifications.
5. Consider disabling or replacing the g-FFL Cockpit plugin if it is not essential or if alternative plugins with a better security posture exist.
6. Enhance overall WordPress security by ensuring the platform and all plugins are kept up to date, and by enforcing least-privilege principles for user roles and API access.
7. Educate site administrators about the risks of IP-based authorization and encourage adoption of more robust authentication and authorization mechanisms.
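As an added illustration, not the g-FFL Cockpit plugin's own code (the page does not show how handle_enqueue_only() is implemented), the hypothetical WordPress AJAX handler below contrasts the CWE-285 pattern described in the Technical Summary, an allow-list keyed on a client-supplied IP value, with a handler whose authorization rests on the logged-in user's capability and a nonce, which is the kind of mechanism recommendation 7 calls for. The function names, the `gffl_delete_product` action name, the `product` post type and the `203.0.113.10` allow-list entry are all constructed for this example; the WordPress functions used (`check_ajax_referer`, `current_user_can`, `absint`, `get_post_type`, `wp_delete_post`, `wp_send_json_error`, `wp_send_json_success`, `add_action`) are standard core APIs.

```php
<?php
// Added example, not the plugin's code. Assumes the WordPress runtime is loaded.

// Weak pattern (CWE-285): authorization decided from a client-influenced IP value.
function weak_is_trusted_ip(): bool {
    $allow = ['203.0.113.10'];                          // constructed allow-list (documentation range)
    // X-Forwarded-For is an ordinary request header, so its first hop is whatever the
    // client put there; behind a proxy even REMOTE_ADDR may not be the real client.
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
    $ip = trim(explode(',', $ip)[0]);
    return in_array($ip, $allow, true);
}

function weak_handle_delete(): void {
    if (!weak_is_trusted_ip()) {
        wp_send_json_error('forbidden', 403);           // wp_send_json_* calls wp_die(), so no return needed
    }
    wp_delete_post((int) ($_POST['product_id'] ?? 0), true);
    wp_send_json_success();
}

// Hardened pattern: authorization bound to an authenticated principal and a CSRF nonce,
// independent of the network path the request took.
function hardened_handle_delete(): void {
    check_ajax_referer('gffl_delete_product', 'nonce'); // missing/invalid nonce -> dies with 403
    $product_id = absint($_POST['product_id'] ?? 0);
    if ($product_id === 0 || get_post_type($product_id) !== 'product') {
        wp_send_json_error('not a product', 400);       // post type name is an assumption
    }
    if (!current_user_can('delete_post', $product_id)) { // per-object capability check
        wp_send_json_error('forbidden', 403);
    }
    wp_delete_post($product_id, true);
    wp_send_json_success(['deleted' => $product_id]);
}

// Register only the authenticated hook; with no wp_ajax_nopriv_ registration an
// unauthenticated request never reaches the deletion path.
add_action('wp_ajax_gffl_delete_product', 'hardened_handle_delete');
```

The nonce must be issued to the page that calls the endpoint with `wp_create_nonce('gffl_delete_product')` and sent back in the `nonce` field; the capability check then answers the question the IP check never could, namely whether this user may delete this object.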
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-04T21:20:38.590Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6933c71c11163305efef3543
Added to database: 12/6/2025, 6:03:08 AM
Last enriched: 12/13/2025, 7:09:11 AM
Last updated: 2/4/2026, 5:10:54 AM