CVE-2025-12900 is a vulnerability classified under CWE-862 (Missing Authorization) found in the FileBird – WordPress Media Library Folders & File Manager plugin, versions up to and including 6.5.1. The flaw exists in the ConvertController::insertToNewTable function, where a user-controlled key is not properly validated for authorization. This missing authorization check allows authenticated users with author-level permissions or higher to inject global folders into the media library and reassign arbitrary media attachments to these folders. The vulnerability does not allow unauthorized access to media files themselves but permits manipulation of media folder structures, potentially disrupting media organization and workflow integrity. The attack vector is remote network-based (AV:N), requires low attack complexity (AC:L), and privileges at the author level (PR:L), with no user interaction needed (UI:N). The scope is unchanged (S:U), and the impact affects integrity (I:L) but not confidentiality or availability. No known exploits have been reported in the wild, and no official patches have been published at the time of disclosure. This vulnerability highlights the importance of proper authorization checks in WordPress plugins managing media assets, especially where user roles with content creation privileges are involved.

The primary impact of CVE-2025-12900 is on the integrity of media management within affected WordPress sites. Attackers with author-level access can manipulate media folder structures by injecting global folders and reassigning media attachments, potentially causing confusion, mismanagement, or disruption in content workflows. While this does not expose media content to unauthorized users or cause denial of service, it can undermine organizational control over digital assets. For organizations relying heavily on WordPress for content management, especially those with multiple authors or contributors, this could lead to operational inefficiencies or inadvertent content misplacement. The vulnerability does not directly compromise confidentiality or availability, limiting its impact to integrity concerns. However, in environments where media organization is critical, such as publishing, e-commerce, or marketing, the disruption could have downstream effects on content delivery and user experience.

To mitigate CVE-2025-12900, organizations should immediately audit user roles and permissions within WordPress, ensuring that only trusted users are granted author-level or higher access. Restricting author privileges can reduce the risk of exploitation. Administrators should monitor plugin updates from the vendor ninjateam and apply patches promptly once available. In the absence of official patches, consider temporarily disabling or replacing the FileBird plugin with alternative media management solutions that enforce strict authorization checks. Implementing web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the ConvertController::insertToNewTable function may provide interim protection. Additionally, logging and monitoring media folder changes can help detect unauthorized manipulations early. Regular security reviews of WordPress plugins and adherence to the principle of least privilege for user roles are critical preventive measures.