CVE-2025-12968 is a vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) found in the Infility Global plugin for WordPress. The root cause is the plugin's `upload_file` function within the `infility_import_file` class, which performs only MIME type validation for uploaded files. Since MIME types can be easily spoofed, this validation is insufficient to prevent malicious file uploads. Additionally, the `import_data` function lacks proper capability checks, allowing users with subscriber-level access or higher to upload files without adequate permission verification. This combination enables an authenticated attacker to upload arbitrary files, including potentially malicious scripts, to the server hosting the WordPress site. Such uploads can lead to remote code execution (RCE), allowing attackers to execute arbitrary commands, escalate privileges, or pivot within the network. The vulnerability affects all versions of the plugin up to and including 2.14.23. The CVSS v3.1 base score is 8.8, reflecting high impact and ease of exploitation without user interaction but requiring low privileges. Although no known exploits are currently in the wild, the vulnerability's characteristics make it a significant threat to affected WordPress sites.

The impact of CVE-2025-12968 is substantial for organizations using the Infility Global WordPress plugin. Successful exploitation can lead to remote code execution, enabling attackers to gain full control over the affected web server. This compromises the confidentiality of sensitive data stored or processed by the website, including user information and business data. Integrity is at risk as attackers can modify website content, inject malicious code, or alter backend databases. Availability may be disrupted through denial-of-service conditions or by attackers deploying ransomware or other destructive payloads. The vulnerability's requirement for only subscriber-level authentication lowers the barrier for exploitation, increasing risk. Organizations relying on WordPress sites with this plugin face potential reputational damage, regulatory penalties, and operational disruption if exploited. The absence of public exploits currently provides a window for remediation, but the threat remains high due to the ease of exploitation and severe consequences.

To mitigate CVE-2025-12968, organizations should first check for and apply any official patches or updates from the Infility Global plugin vendor once available. In the absence of patches, immediate steps include disabling or uninstalling the Infility Global plugin to prevent exploitation. Implement strict access controls by limiting subscriber-level permissions and auditing user roles to minimize the number of users who can upload files. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious file upload attempts, particularly those with executable extensions or unusual MIME types. Enhance server-side validation by implementing additional checks beyond MIME type, such as verifying file extensions, scanning uploaded files for malware, and restricting upload directories to non-executable locations. Monitor server logs for unusual upload activity or unauthorized file creations. Regularly back up website data and configurations to enable recovery in case of compromise. Finally, conduct security awareness training for administrators and users about the risks of file upload vulnerabilities and the importance of maintaining updated plugins.