
CVE-2025-6720: CWE-862 Missing Authorization in bandido MORKVA Vchasno Kasa Integration

Medium
Tags: Vulnerability, CVE-2025-6720, CWE-862
Published: Sat Jul 19 2025 (07/19/2025, 05:32:09 UTC)
Source: CVE Database V5
Vendor/Project: bandido
Product: MORKVA Vchasno Kasa Integration

Description

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.

AI-Powered Analysis

AI analysis last updated: 07/27/2025, 00:54:56 UTC

Technical Analysis

CVE-2025-6720 is a medium severity vulnerability affecting the MORKVA Vchasno Kasa Integration plugin for WordPress, developed by bandido. The vulnerability arises from a missing authorization check (CWE-862) in the clear_all_log() function, which is responsible for clearing log files within the plugin. Specifically, the function lacks a capability check to verify whether the caller is authorized to perform this action. As a result, unauthenticated attackers can invoke this function remotely without any credentials or user interaction, enabling them to clear log files arbitrarily. This vulnerability affects all versions up to and including 1.0.3 of the plugin. The CVSS v3.1 base score is 5.3, reflecting a medium severity rating, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), limited integrity impact (I:L), and no availability impact (A:N). The primary impact is the unauthorized modification of log data, which can hinder forensic investigations, incident response, and auditing processes by erasing evidence of malicious activity or operational issues. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability was reserved on June 26, 2025, and published on July 19, 2025.
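The pattern behind CWE-862 in a WordPress plugin is easier to see side by side with its fix. The following is an added illustration, not the Vchasno Kasa plugin's code: the hook name vk_clear_all_log, the nonce action vk_clear_log, the capability manage_options and the log path are all assumptions, chosen only to show what a missing capability check looks like and what the corrected handler must contain.

```php
<?php
// Added example for CVE-2025-6720 (CWE-862). Not the plugin's own code;
// hook names, nonce action, capability and log path are assumptions.

// Assumed location of the plugin log file (placeholder, not the real path).
function vk_log_path() {
    return WP_CONTENT_DIR . '/uploads/vchasno-kasa.log';
}

// --- Vulnerable shape (CWE-862): no authorization check at all ---
// Anyone who can reach the hook can empty the log. Registering a handler
// like this under wp_ajax_nopriv_* additionally makes it reachable by
// logged-out visitors, which matches the "unauthenticated" impact in the
// advisory. Shown for contrast only; it is deliberately NOT registered here.
function vk_clear_all_log_vulnerable() {
    $log = vk_log_path();
    if ( file_exists( $log ) ) {
        file_put_contents( $log, '' ); // truncates the log for any caller
    }
    wp_send_json_success( 'log cleared' );
}
// add_action( 'wp_ajax_nopriv_vk_clear_all_log', 'vk_clear_all_log_vulnerable' ); // unauthenticated reach
// add_action( 'wp_ajax_vk_clear_all_log',        'vk_clear_all_log_vulnerable' ); // still no capability check

// --- Hardened shape: authorization first, then CSRF protection ---
function vk_clear_all_log_hardened() {
    // Authorization: this is the control CWE-862 says is missing. Only a user
    // who may administer the site is allowed to destroy log data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // CSRF protection: a separate concern. A nonce alone would not have fixed
    // CWE-862, because it proves the request came from a page the site
    // served, not that the caller is authorized.
    check_ajax_referer( 'vk_clear_log', 'nonce' );

    $log = vk_log_path();
    if ( file_exists( $log ) && is_writable( $log ) ) {
        file_put_contents( $log, '' );
    }

    // Leave an audit trail of the clearing action itself in the server log,
    // so an emptied plugin log is never a silent event.
    error_log( sprintf( 'vchasno-kasa log cleared by user %d', get_current_user_id() ) );

    wp_send_json_success( 'log cleared' );
}

// Registered ONLY for authenticated requests; no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_vk_clear_all_log', 'vk_clear_all_log_hardened' );
```

The admin page that offers the "clear log" button would generate the token with wp_create_nonce( 'vk_clear_log' ) and send it as the nonce parameter. The order in the hardened handler matters for reviewers: current_user_can() is the authorization decision, check_ajax_referer() is request-forgery protection, and dropping the nopriv registration removes the unauthenticated path entirely. A code review for this class of bug looks for exactly these three things on every handler that modifies or deletes data.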

Potential Impact

For European organizations, this vulnerability poses a significant risk to the integrity of security and operational logs managed by the Vchasno Kasa plugin on WordPress sites. Many businesses and public sector entities in Europe rely on WordPress for their web presence and may use this plugin for integration with local payment or cash register systems. The ability for unauthenticated attackers to clear logs can facilitate stealthy attacks by erasing traces of intrusion or fraudulent activities, complicating detection and remediation efforts. This undermines trust in the affected systems and may lead to regulatory compliance issues, especially under GDPR and other data protection frameworks that require proper logging and audit trails. While the vulnerability does not directly compromise confidentiality or availability, the loss of log integrity can indirectly enable more severe attacks or prolonged breaches. Organizations in sectors such as retail, finance, and government that use this plugin are particularly at risk, as they often have stringent logging requirements and face high scrutiny regarding security incidents.

Mitigation Recommendations

Immediate mitigation steps include disabling or uninstalling the Vchasno Kasa plugin until a security patch is released. Organizations should monitor official vendor channels and WordPress plugin repositories for updates addressing this vulnerability. In the interim, restricting access to the WordPress admin interface and implementing web application firewall (WAF) rules to block unauthorized requests targeting the clear_all_log() function can reduce exposure. Additionally, enabling comprehensive external logging and monitoring solutions can help detect suspicious activities even if internal logs are cleared. Conducting regular backups of log files and storing them securely offsite will preserve forensic data in case of tampering. Organizations should also audit user roles and permissions to ensure that only trusted administrators have access to sensitive plugin functions once patched. Finally, raising awareness among IT and security teams about this vulnerability will help in early detection and response to potential exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-26T14:04:57.263Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687b3122a83201eaacfa3af2

Added to database: 7/19/2025, 5:46:10 AM

Last enriched: 7/27/2025, 12:54:56 AM

Last updated: 8/23/2025, 9:39:17 AM
