CVE-2025-6720 is a security vulnerability identified in the Vchasno Kasa plugin for WordPress, developed by bandido under the product name MORKVA Vchasno Kasa Integration. This vulnerability arises from a missing authorization check (CWE-862) on the clear_all_log() function in all versions up to and including 1.0.3. Specifically, the function responsible for clearing log files does not verify whether the caller has the necessary permissions or capabilities to perform this action. As a result, unauthenticated attackers can invoke this function remotely without any user interaction or authentication, allowing them to clear log files arbitrarily. The vulnerability has a CVSS 3.1 base score of 5.3, categorized as medium severity. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts integrity (I:L) but not confidentiality or availability. The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component without impacting other components. Although no known exploits are currently reported in the wild, the vulnerability presents a risk of attackers erasing logs that could be critical for forensic investigations, incident response, or auditing. This could hinder detection of malicious activities or cover tracks after an intrusion. Since the vulnerability is in a WordPress plugin, it affects websites running WordPress with this specific plugin installed and active. The lack of a patch link indicates that a fix may not yet be publicly available, increasing the urgency for mitigation.

For European organizations, this vulnerability could have significant operational and security implications, especially for those relying on the Vchasno Kasa plugin for business or transactional purposes. The ability for unauthenticated attackers to clear logs compromises the integrity of security monitoring and incident response capabilities. This could delay detection of breaches or malicious activity, increasing the risk of prolonged compromise or data loss. While the vulnerability does not directly expose sensitive data or cause denial of service, the loss of logs can indirectly facilitate further attacks by obscuring attacker actions. Organizations in sectors with strict regulatory requirements for logging and audit trails, such as finance, healthcare, and critical infrastructure, may face compliance risks if logs are tampered with or lost. Additionally, the vulnerability could be leveraged as part of a multi-stage attack chain, where attackers first clear logs to evade detection before escalating privileges or exfiltrating data. The medium CVSS score reflects moderate risk, but the ease of exploitation (no authentication or user interaction needed) elevates concern for organizations with exposed WordPress sites using this plugin.

1. Immediate action should include disabling or uninstalling the Vchasno Kasa plugin until a security patch is released. 2. Monitor WordPress sites for unusual log clearing activities or sudden absence of expected log entries. 3. Implement web application firewalls (WAFs) with custom rules to detect and block requests attempting to invoke the clear_all_log() function or similar suspicious API calls. 4. Restrict access to WordPress admin and plugin endpoints using IP whitelisting or VPN access to reduce exposure. 5. Maintain regular backups of log files and website data to enable recovery in case of tampering. 6. Stay informed on vendor advisories for patch releases and apply updates promptly once available. 7. Conduct security audits and penetration tests focusing on plugin vulnerabilities and authorization checks. 8. Employ logging and monitoring solutions external to the WordPress environment to ensure log integrity and availability even if local logs are cleared.