CVE-2025-12892 is a vulnerability classified under CWE-862 (Missing Authorization) found in the ays-pro Survey Maker plugin for WordPress, affecting all versions up to and including 5.1.9.4. The root cause is the absence of a capability check within the deactivate_plugin_option() function, which manages the ays_survey_maker_upgrade_plugin option. This flaw allows unauthenticated attackers to remotely modify this plugin option without any user interaction or authentication, thereby compromising the integrity of the plugin's configuration. While the vulnerability does not expose sensitive data (no confidentiality impact) nor does it affect system availability, unauthorized modification of plugin options can lead to further security issues, such as enabling malicious plugin behavior or disrupting survey operations. The CVSS v3.1 base score is 5.3 (medium severity), reflecting the ease of exploitation (network vector, no privileges required, no user interaction) but limited impact scope. No public exploits or active exploitation have been reported yet. The vulnerability was published on November 13, 2025, and assigned by Wordfence. Currently, no official patches or updates have been linked, indicating the need for vigilance and interim protective measures.

For European organizations, this vulnerability poses a risk primarily to the integrity of WordPress sites using the ays-pro Survey Maker plugin. Unauthorized modification of plugin options could allow attackers to alter survey configurations, potentially injecting malicious code, redirecting survey responses, or disabling plugin functionality. This could undermine trust in survey data, disrupt business processes relying on survey feedback, or serve as a foothold for further attacks within the web environment. Although no direct confidentiality or availability impacts are noted, the integrity compromise can cascade into broader security issues if attackers leverage the altered plugin state to escalate privileges or deploy additional payloads. Organizations in sectors relying heavily on customer or employee surveys, such as market research, education, and public administration, may face operational disruptions and reputational damage. The vulnerability's ease of exploitation without authentication increases the risk of widespread scanning and opportunistic attacks across European WordPress installations.

1. Monitor official channels of the ays-pro Survey Maker plugin vendor for security patches and apply updates immediately upon release. 2. Until patches are available, restrict access to WordPress administrative functions and plugin management interfaces using IP whitelisting and strong authentication mechanisms. 3. Implement Web Application Firewall (WAF) rules to detect and block unauthorized requests attempting to modify plugin options, focusing on the deactivate_plugin_option() function calls. 4. Regularly audit WordPress option tables in the database for unexpected changes to ays_survey_maker_upgrade_plugin or related entries. 5. Employ security plugins that can alert on unauthorized plugin option modifications or suspicious activity. 6. Educate site administrators on the risks of unauthorized plugin changes and encourage prompt reporting of anomalies. 7. Consider temporarily disabling or removing the Survey Maker plugin if it is not critical, until a secure version is available. 8. Harden WordPress installations by disabling unnecessary REST API endpoints and limiting plugin installation privileges to trusted users only.