CVE-2025-12847: CWE-862 Missing Authorization in smub All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-12847 affects the All in One SEO – Powerful SEO Plugin for WordPress, versions up to and including 4.8.9. This plugin exposes a REST API endpoint at /wp-json/aioseo/v1/ai/image-generator which is intended to handle image generation tasks. The security flaw arises because this endpoint only checks if the user has the 'edit_posts' capability, a permission granted to Contributors and above, but fails to verify whether the user is authorized to delete specific media attachments. Consequently, an authenticated user with Contributor-level access can supply arbitrary media attachment IDs to the endpoint and cause permanent deletion of those media files. This is a classic example of CWE-862: Missing Authorization, where the system does not enforce proper access control on sensitive operations. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network. The CVSS 3.1 base score is 4.3 (medium severity), reflecting limited impact on confidentiality and availability but a clear integrity impact. No patches or known exploits have been reported at the time of publication. The attack surface includes any WordPress installation running the vulnerable plugin with users assigned Contributor or higher roles, which is common in multi-author blogs or corporate websites. Attackers must know or guess valid media attachment IDs, which may be discoverable through other means or enumeration techniques. This vulnerability highlights the importance of granular permission checks in REST API endpoints, especially in widely used plugins that manage critical website content.
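The permission pattern described above, as an added illustration that is not the AIOSEO plugin's own code: a REST route whose `permission_callback` checks only the global `edit_posts` capability, beside a hardened version that also checks the `delete_post` meta capability for every attachment named in the request. The route name, the `attachment_ids` parameter and the handler body are assumptions for the example; the advisory does not state the real endpoint's parameter names.

```php
<?php
// Added illustration of the CWE-862 pattern, not the AIOSEO plugin's source.
// Assumptions: the route receives an array parameter "attachment_ids"; the real
// endpoint's parameter names are not given in the advisory.

// Weak pattern: a global capability check. Every Contributor passes it, and
// nothing ties the check to the attachments the request names.
function example_weak_permission( WP_REST_Request $request ) {
    return current_user_can( 'edit_posts' );
}

// Hardened pattern: keep the role check, then verify the "delete_post" meta
// capability for each attachment. WordPress maps it to delete_posts or
// delete_others_posts depending on ownership, so a Contributor may delete only
// attachments they uploaded, never an arbitrary ID.
function example_hardened_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient role.', array( 'status' => 403 ) );
    }
    foreach ( (array) $request->get_param( 'attachment_ids' ) as $id ) {
        $id = absint( $id );
        // get_post_type() returns false for unknown IDs, so those are rejected too.
        if ( ! $id || 'attachment' !== get_post_type( $id ) || ! current_user_can( 'delete_post', $id ) ) {
            return new WP_Error( 'rest_forbidden', "Cannot delete attachment $id.", array( 'status' => 403 ) );
        }
    }
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/media-cleanup', array(
        'methods'             => WP_REST_Server::DELETABLE,
        // Swap in 'example_weak_permission' to reproduce the missing-authorization bug.
        'permission_callback' => 'example_hardened_permission',
        'args'                => array(
            'attachment_ids' => array( 'required' => true, 'type' => 'array' ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            $deleted = array();
            foreach ( (array) $request->get_param( 'attachment_ids' ) as $id ) {
                // force_delete = true bypasses the trash, so the deletion is permanent.
                if ( wp_delete_attachment( absint( $id ), true ) ) {
                    $deleted[] = absint( $id );
                }
            }
            return rest_ensure_response( array( 'deleted' => $deleted ) );
        },
    ) );
} );
```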
Potential Impact
For European organizations, the primary impact of this vulnerability is the unauthorized deletion of media assets, which can disrupt website content integrity and user experience. Organizations relying on WordPress sites with multiple contributors are at risk of internal misuse or exploitation by compromised Contributor accounts. Although this vulnerability does not expose sensitive data or cause denial of service, the loss of media files can affect brand reputation, marketing efforts, and operational continuity. In sectors such as media, e-commerce, and public services where digital content is critical, unauthorized media deletion could lead to costly recovery efforts and potential compliance issues if content is regulated. The risk is heightened in environments where Contributor roles are broadly assigned without strict oversight. Since the vulnerability requires authentication, the threat is mostly from insider threats or attackers who have obtained valid credentials. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks. European organizations with high WordPress usage and significant digital content management, especially in Germany, France, the UK, Italy, and the Netherlands, should be particularly vigilant. The vulnerability could also be leveraged as part of a broader attack chain to degrade website integrity or cover tracks by deleting forensic evidence stored as media.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should immediately audit and restrict Contributor-level permissions to only trusted users, minimizing the risk of unauthorized media deletion. Administrators should monitor and log REST API usage, focusing on calls to /wp-json/aioseo/v1/ai/image-generator for suspicious activity or unusual deletion patterns. Although no official patch is currently available, organizations should track vendor updates closely and apply patches as soon as they are released. In the interim, consider disabling or restricting access to the vulnerable REST API endpoint via web application firewalls (WAFs) or custom rules that block deletion requests from non-administrative users. Implementing stricter role-based access controls (RBAC) and enforcing the principle of least privilege for all WordPress users can reduce exposure. Regular backups of media libraries are essential to enable recovery from unauthorized deletions. Additionally, organizations should educate content contributors about the risks and monitor for compromised accounts that could exploit this vulnerability. Employing security plugins that enhance REST API security and authorization checks can provide additional layers of defense.
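One way to apply the interim "restrict the endpoint and log its use" recommendations without a WAF, as an added example that is not vendor code: a must-use plugin that hooks `rest_pre_dispatch`, writes every call to the affected route to the PHP error log, and returns 403 to any caller who is not an administrator. It assumes only the route path given in the advisory; the request method and parameters are left unspecified.

```php
<?php
/**
 * Plugin Name: Interim guard for the AIOSEO image-generator endpoint
 * Description: Added example (not vendor code). Place in wp-content/mu-plugins/
 * to log every request to the route named in CVE-2025-12847 and deny it to
 * non-administrators until the vendor fix is applied. Assumes only the route
 * path from the advisory; method and parameter names are not assumed.
 */

add_filter( 'rest_pre_dispatch', function ( $result, WP_REST_Server $server, WP_REST_Request $request ) {
    // Act only on the affected route; the rest of the REST API is untouched.
    if ( 0 !== strpos( $request->get_route(), '/aioseo/v1/ai/image-generator' ) ) {
        return $result;
    }

    // Authentication has already run by dispatch time, so the current user is known.
    $user = wp_get_current_user();
    $line = sprintf(
        'aioseo-guard: %s %s user=%d roles=%s ip=%s',
        $request->get_method(),
        $request->get_route(),
        $user->ID,
        $user->ID ? implode( ',', $user->roles ) : 'anonymous',
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-'
    );
    // Supports the "monitor and log REST API usage" recommendation: forward the
    // PHP error log to your SIEM and alert on repeated denials from one account.
    error_log( $line );

    // Deny everyone below Administrator; manage_options is the usual admin-only capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'This endpoint is temporarily restricted to administrators.',
            array( 'status' => 403 )
        );
    }
    return $result;
}, 10, 3 );
```

Returning a non-null value from `rest_pre_dispatch` short-circuits the route's own callbacks, so the plugin's handler never runs for blocked callers.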
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-06T21:04:39.818Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6918143b93cc35e7aa3af0eb
Added to database: 11/15/2025, 5:48:43 AM
Last enriched: 11/15/2025, 5:53:01 AM
Last updated: 11/17/2025, 1:49:52 PM