Platform
wordpress
Component
wp-custom-login-page-logo
Fixed in
1.4.9
CVE-2025-12132 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Custom Admin Login Page Logo plugin for WordPress. This vulnerability allows unauthenticated attackers to modify the plugin's settings by tricking a logged-in site administrator into submitting a forged request, for example by visiting an attacker-controlled page while authenticated. The vulnerability impacts versions 0.0.0 through 1.4.8.4, and a patch is expected to be released by the plugin developer.
The primary impact of this CSRF vulnerability lies in the potential for unauthorized modification of the WP Custom Admin Login Page Logo plugin's settings. An attacker could leverage this to alter the login page's appearance, branding, or other configurations. While seemingly cosmetic, these changes could be used to obfuscate malicious login pages or redirect users to phishing sites, ultimately compromising user credentials. The attack relies on social engineering to trick an administrator into clicking a malicious link, making user awareness a crucial factor in mitigating the risk. Successful exploitation could lead to brand impersonation and user trust erosion.
CVE-2025-12132 was publicly disclosed on 2025-11-11. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The vulnerability's reliance on social engineering suggests a lower probability of widespread exploitation compared to vulnerabilities that can be exploited automatically.
WordPress websites utilizing the WP Custom Admin Login Page Logo plugin, particularly those with administrator accounts that are not protected by strong passwords or two-factor authentication, are at risk. Shared hosting environments where plugin updates are not managed centrally are also more vulnerable.
• wordpress / composer / npm:
grep -r 'wpclpl_save' /var/www/html/wp-content/plugins/wp-custom-admin-login-page-logo/
• wordpress / composer / npm:
wp plugin list --status=all | grep 'wp-custom-admin-login-page-logo'
• wordpress / composer / npm:
wp plugin update wp-custom-admin-login-page-logo
• generic web: Inspect HTTP requests to the plugin's endpoints for missing or improperly validated CSRF tokens.
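To make the "missing or improperly validated CSRF token" check concrete, here is an added example (not the plugin's own code) of a WordPress settings-save handler in the shape that is open to CSRF, next to its hardened form. The handler name wpclpl_save is taken from the grep check above; the option name wpclpl_logo_url, the form field names, the nonce action string, the settings page slug and the routing through admin-post.php are all assumptions made for illustration.

```php
<?php
// Added example, not code from the WP Custom Admin Login Page Logo plugin.
// Assumed: option 'wpclpl_logo_url', nonce action 'wpclpl_save_settings',
// settings page slug 'wpclpl', form submitted via admin-post.php.

// --- Vulnerable pattern -------------------------------------------------
// Any POST reaching this handler is accepted as long as the browser sends an
// administrator's session cookie. Nothing ties the request to a form the
// administrator actually rendered, so a form auto-submitted from a third-party
// page can change the option. This is the shape a CSRF-affected handler has.
function wpclpl_save_vulnerable() {
    if ( isset( $_POST['wpclpl_logo_url'] ) ) {
        update_option( 'wpclpl_logo_url', $_POST['wpclpl_logo_url'] );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=wpclpl' ) );
    exit;
}

// --- Hardened form -------------------------------------------------------
// 1. The settings form embeds a nonce bound to one specific action.
//    A third-party page cannot read or guess this value.
function wpclpl_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wpclpl_save">
        <?php wp_nonce_field( 'wpclpl_save_settings', 'wpclpl_nonce' ); ?>
        <label>Logo URL
            <input type="url" name="wpclpl_logo_url"
                   value="<?php echo esc_attr( get_option( 'wpclpl_logo_url', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2. The handler checks the capability AND the nonce before touching the option.
//    check_admin_referer() calls wp_die() when the nonce is absent or invalid,
//    so a forged cross-site request never reaches update_option().
function wpclpl_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'wpclpl_save_settings', 'wpclpl_nonce' );

    // Sanitize the value as a URL before storing it.
    $url = isset( $_POST['wpclpl_logo_url'] )
        ? esc_url_raw( wp_unslash( $_POST['wpclpl_logo_url'] ) )
        : '';
    update_option( 'wpclpl_logo_url', $url );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=wpclpl' ) ) );
    exit;
}

// Only the hardened handler is wired to the admin-post action.
add_action( 'admin_post_wpclpl_save', 'wpclpl_save_hardened' );
```

When reviewing a plugin against this pattern, the two things to confirm in every settings-writing code path are a capability check (current_user_can) and a nonce verification (check_admin_referer or wp_verify_nonce) that runs before any update_option call; when inspecting live HTTP traffic, a legitimate save from the admin screen carries the nonce field generated by wp_nonce_field, while a request that writes settings without one indicates the handler is not validating it.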
Disclosure
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS vector
The immediate mitigation for CVE-2025-12132 is to upgrade the WP Custom Admin Login Page Logo plugin to a version that addresses the vulnerability. As a temporary workaround, consider implementing strict Content Security Policy (CSP) headers to restrict the sources from which the plugin can load resources. Additionally, enforce strong password policies and enable two-factor authentication (2FA) for all administrator accounts to reduce the risk of successful social engineering attacks. Monitor WordPress plugin activity logs for any suspicious modifications to the plugin's settings. After upgrading, verify the plugin's configuration and ensure no unauthorized changes have been made.
Update the WP Custom Admin Login Page Logo plugin to the latest available version to fix the Cross-Site Request Forgery vulnerability. Make sure your WordPress installation is up to date and that all plugins and themes come from trusted sources.
CVE-2025-12132 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Custom Admin Login Page Logo plugin for WordPress, allowing attackers to modify plugin settings via forged requests.
You are affected if your WordPress site uses the WP Custom Admin Login Page Logo plugin in versions 0.0.0 through 1.4.8.4.
Upgrade the WP Custom Admin Login Page Logo plugin to a patched version. As a temporary workaround, implement strict CSP headers and enforce strong password policies.
There are currently no known public exploits or active campaigns targeting this vulnerability.
Refer to the plugin developer's website or WordPress.org plugin repository for updates and advisories related to CVE-2025-12132.