CVE-2025-6720 identifies a missing authorization vulnerability (CWE-862) in the bandido MORKVA Vchasno Kasa Integration plugin for WordPress, specifically in the clear_all_log() function. This function lacks a capability check, allowing any unauthenticated attacker to invoke it and clear log files. The vulnerability affects all versions up to and including 1.0.3. Since the function can be triggered remotely without authentication or user interaction, the attack vector is network-based and straightforward. The vulnerability does not expose confidential data nor disrupt service availability but undermines the integrity of log files by enabling unauthorized deletion. This can impede security monitoring, incident response, and forensic analysis, as logs are essential for tracking system events and detecting malicious behavior. No patches or fixes are currently linked, and no known exploits have been observed in the wild. The CVSS v3.1 base score is 5.3 (medium), reflecting the ease of exploitation and limited impact scope. The vulnerability is particularly relevant for organizations relying on this plugin for e-commerce or financial transaction logging, where log integrity is critical. The absence of authorization checks represents a fundamental security oversight that should be addressed promptly to prevent potential misuse.

The primary impact of CVE-2025-6720 is the unauthorized deletion of log files, which compromises the integrity of audit trails. This can severely hinder an organization's ability to detect, investigate, and respond to security incidents, potentially allowing attackers to cover their tracks after gaining access through other means. Although the vulnerability does not directly expose sensitive data or cause service disruption, the loss of logs can increase the risk of prolonged undetected breaches and complicate compliance with regulatory requirements that mandate log retention and monitoring. Organizations using the affected plugin in environments handling financial transactions or sensitive operations may face increased operational risk and reputational damage if attackers exploit this flaw. The ease of exploitation without authentication or user interaction broadens the attack surface, making it accessible to remote attackers. However, the absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks.

1. Immediately implement authorization checks on the clear_all_log() function to ensure only users with appropriate capabilities can execute log clearing. 2. If source code access is available, apply custom patches to enforce capability verification before function execution. 3. Monitor WordPress plugin updates closely and apply official patches from the vendor once released. 4. Employ file integrity monitoring solutions to detect unexpected log deletions or modifications. 5. Restrict access to plugin endpoints via web application firewalls (WAFs) or network-level controls to limit exposure. 6. Maintain comprehensive and offsite backups of log files to enable recovery in case of deletion. 7. Enhance logging and alerting mechanisms to notify administrators of suspicious log clearance activities. 8. Conduct regular security audits and penetration testing focused on plugin vulnerabilities and authorization enforcement. 9. Educate administrators and developers about the importance of authorization checks in plugin development and deployment.