Platform: wordpress
Component: user-importer-and-generator
Fixed in: 1.2.3
CVE-2025-12879 is a Cross-Site Request Forgery (CSRF) vulnerability in the User Generator and Importer plugin for WordPress (plugin slug: user-importer-and-generator). The plugin's user import action can be triggered by a forged request that carries no valid anti-CSRF token (WordPress nonce), so an unauthenticated attacker who can get a logged-in administrator to open an attacker-controlled page can have the administrator's browser submit that request and create arbitrary accounts with the administrator role. Versions 1.0.0 through 1.2.2 are affected; the issue is fixed in 1.2.3.
The impact is privilege escalation to full control of the site. The attacker hosts a page containing an auto-submitting form (or a link) aimed at the plugin's import action and lures an administrator to it while that administrator is logged in to wp-admin. The browser attaches the victim's session cookies, the plugin accepts the request as the administrator's own, and a new administrator account chosen by the attacker is created. From there the attacker can read or modify all site data, deface pages, install backdoored plugins or themes, and inject malware. The attack needs no credentials and no exploit code beyond an HTML form, which is why a CSRF flaw in an account-creation path is treated as serious even though it requires victim interaction.
CVE-2025-12879 was publicly disclosed on 2025-12-05. No public proof-of-concept (PoC) has been released and no exploitation has been confirmed; the EPSS score listed below (0.02%, 6th percentile) reflects a low predicted probability of exploitation. The exploit itself is nevertheless trivial to build once the import form's field names are known, so treat unpatched installs as exposed. Monitor advisories from WordPress and the plugin developer for updates.
Any WordPress site with the User Generator and Importer plugin active in versions 1.0.0 through 1.2.2 is affected, whether or not the import feature is in regular use. Exposure is higher where administrators browse other sites while logged in to wp-admin, where many people hold the administrator role (more targets for a lure), and on managed or shared hosting where the site owner cannot update plugins promptly or add server-side rules.
• wordpress: Check the installed version with wp-cli (plugin list output uses the slug, not the display name):
wp plugin get user-importer-and-generator --field=version
Anything from 1.0.0 up to and including 1.2.2 is affected; 1.2.3 contains the fix.
• wordpress: Confirm the CSV import feature is present in the installed code (this identifies the feature, not the version):
grep -r "Import Using CSV File" /path/to/wordpress/wp-content/plugins/user-importer-and-generator/
• generic web: Review access logs for POST requests to the plugin's import page or action whose Referer is missing or points to a third-party site, and correlate their timestamps with administrator accounts that appear in wp_users without a matching admin session from the usual source addresses.
• generic web: Confirm the import form carries a nonce field and that the handler rejects requests without a valid one. A Content Security Policy does not prevent CSRF: the forged request is an ordinary form submission carried by the victim's own browser. Do not rely on browser SameSite cookie defaults either; they are not enforced uniformly across browsers, and WordPress core does not set the SameSite attribute on its authentication cookies by default.
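As an added example (not part of the advisory or the plugin), the version check and the log review above can be scripted in PHP: a comparison of the installed version against the affected range, and a scan of access-log lines for cross-site POSTs to the import page. The URL of the import page, the site origin and the log lines are constructed assumptions; the advisory does not name the endpoint, so adjust ACTION_PATTERN to the real handler.

```php
<?php
// Added example, not the plugin's or the advisory's code.
// Two responder checks: is the installed version in the affected range, and are
// there cross-site POSTs hitting the plugin's import page?
declare(strict_types=1);

const FIXED_VERSION = '1.2.3';

// Affected range per the advisory: 1.0.0 through 1.2.2, fixed in 1.2.3.
function is_affected_version(string $installed): bool
{
    return version_compare($installed, '1.0.0', '>=')
        && version_compare($installed, FIXED_VERSION, '<');
}

// Origin the import form legitimately posts from (assumption).
const SITE_ORIGIN = 'https://example.com';

// Assumed URL shape of the import page: the slug is the one on the page, the
// query string is a placeholder. Adjust to the real handler (admin.php?page=...
// or admin-post.php?action=...).
const ACTION_PATTERN = '~admin\.php\?page=user-importer-and-generator~';

/**
 * Parse one combined-log-format line (with Referer and User-Agent).
 * Returns null for lines that do not match the format.
 */
function parse_log_line(string $line): ?array
{
    $re = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "(?<referer>[^"]*)" "(?<ua>[^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m['ip'], 'time' => $m['time'], 'method' => $m['method'],
            'path' => $m['path'], 'status' => (int) $m['status'], 'referer' => $m['referer']];
}

// A genuine import is submitted from the site's own wp-admin page, so its
// Referer starts with the site origin. A forged cross-site POST carries the
// attacker's page, or no Referer at all if the referrer was suppressed.
function is_suspicious_import_request(array $req): bool
{
    if ($req['method'] !== 'POST' || !preg_match(ACTION_PATTERN, $req['path'])) {
        return false;
    }
    $referer = $req['referer'];
    return $referer === '-' || $referer === '' || strpos($referer, SITE_ORIGIN . '/') !== 0;
}

function find_suspicious(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parse_log_line($line);
        if ($req !== null && is_suspicious_import_request($req)) {
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic): one page load, one genuine
// import, one import launched from an attacker's page, one with no Referer.
$sample = [
    '203.0.113.7 - - [05/Dec/2025:10:01:02 +0000] "GET /wp-admin/admin.php?page=user-importer-and-generator HTTP/1.1" 200 5120 "https://example.com/wp-admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Dec/2025:10:01:30 +0000] "POST /wp-admin/admin.php?page=user-importer-and-generator HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=user-importer-and-generator" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Dec/2025:10:05:44 +0000] "POST /wp-admin/admin.php?page=user-importer-and-generator HTTP/1.1" 302 0 "https://evil.example.net/lure.html" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Dec/2025:10:06:10 +0000] "POST /wp-admin/admin.php?page=user-importer-and-generator HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

printf("installed 1.2.2 affected: %s\n", is_affected_version('1.2.2') ? 'yes' : 'no');
printf("installed 1.2.3 affected: %s\n", is_affected_version('1.2.3') ? 'yes' : 'no');
foreach (find_suspicious($sample) as $hit) {
    printf("suspicious import POST from %s at %s referer=%s\n", $hit['ip'], $hit['time'], $hit['referer']);
}
```

Run it with `php detect.php`; it reports the two POSTs with an off-site or absent Referer and not the genuine one. The Referer test is a heuristic: an administrator whose browser applies a strict Referrer-Policy also sends none, so entries flagged for a missing Referer need to be correlated with the rows that appeared in wp_users around that time before they are treated as attacks.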
Disclosure: 2025-12-05
Exploit status: no public PoC, no confirmed exploitation
EPSS: 0.02% (6th percentile)
CISA SSVC: not given
CVSS vector: not given
The primary mitigation for CVE-2025-12879 is to upgrade the User Generator and Importer plugin to 1.2.3 or later. If you cannot upgrade immediately, deactivate the plugin (it is an administrative import tool, not a front-end dependency) or restrict its wp-admin page to trusted source addresses at the web server; a WordPress security plugin or WAF rule that blocks POSTs to the import action lacking a valid nonce or an on-site Referer is a narrower stopgap. Stricter input validation on the user fields does not address CSRF, because the forged request is well-formed and comes from the victim's own browser. Watch access logs and the wp_users table for unexpected administrator accounts. After upgrading, verify the fix by replaying an import request without the nonce field while holding an administrator session (for example with curl and the administrator's cookies): the plugin must reject it and create no account.
At the time this entry was generated no patch had been recorded here; the header above lists 1.2.3 as the fixed version, so check the plugin's changelog for that release. Review the vulnerability details carefully and apply mitigations according to your organization's risk appetite. If no fixed release is available to you, removing the plugin and finding an alternative may be the best option.
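The following is an added example, not code from the plugin or the advisory. It models the vulnerable handler pattern that a CSRF finding like this describes beside the fixed one, in plain PHP that runs from the CLI; the nonce functions are a stand-in for wp_create_nonce()/wp_verify_nonce(), and the action, field and handler names are assumptions.

```php
<?php
// Added example, not the plugin's code: models the missing CSRF check and its
// fix in plain PHP so it runs stand-alone. The nonce scheme imitates
// WordPress's wp_create_nonce()/wp_verify_nonce() (HMAC over a time tick, the
// action name and the user id); handler, action and field names are assumptions.
declare(strict_types=1);

const NONCE_KEY     = 'constructed-secret-not-a-real-wp-salt'; // assumption: stands in for wp_salt('nonce')
const NONCE_LIFE    = 86400;                                   // WP nonces: two 12-hour ticks
const IMPORT_ACTION = 'ugi_import_users';                      // assumed action name

function nonce_tick(): int
{
    return (int) ceil(time() / (NONCE_LIFE / 2));
}

function nonce_for_tick(int $tick, string $action, int $user_id): string
{
    return substr(hash_hmac('md5', $tick . '|' . $action . '|' . $user_id, NONCE_KEY), -12, 10);
}

function create_nonce(string $action, int $user_id): string
{
    return nonce_for_tick(nonce_tick(), $action, $user_id);
}

function verify_nonce(string $nonce, string $action, int $user_id): bool
{
    $tick = nonce_tick();
    // Accept the current tick and the previous one, as WordPress does.
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(nonce_for_tick($t, $action, $user_id), $nonce)) {
            return true;
        }
    }
    return false;
}

// Vulnerable pattern: the handler trusts the POST body and only checks that a
// user is logged in. Any page the administrator's browser visits can submit
// this form, and the browser attaches the administrator's cookies.
function handle_import_vulnerable(array $post, array $session, array &$users): string
{
    if (empty($session['user_id'])) {
        return 'denied: not logged in';
    }
    $users[] = ['login' => $post['user_login'], 'role' => $post['role']];
    return "created {$post['user_login']} as {$post['role']}";
}

// Fixed pattern: capability check plus nonce check before any side effect.
// A cross-site page cannot read the nonce embedded in the admin form, so a
// forged request arrives without it. In a real plugin these two checks are
// current_user_can('create_users') and check_admin_referer(IMPORT_ACTION).
function handle_import_fixed(array $post, array $session, array &$users): string
{
    if (empty($session['user_id'])) {
        return 'denied: not logged in';
    }
    if (!in_array('create_users', $session['caps'], true)) {
        return 'denied: missing capability';
    }
    if (!isset($post['_wpnonce'])
        || !verify_nonce((string) $post['_wpnonce'], IMPORT_ACTION, (int) $session['user_id'])) {
        return 'denied: invalid nonce';
    }
    // Assign only roles from an allow-list; in WordPress compare against
    // get_editable_roles() rather than trusting the posted string.
    $allowed = ['subscriber', 'contributor', 'editor', 'administrator'];
    if (!in_array($post['role'], $allowed, true)) {
        return 'denied: role not allowed';
    }
    $users[] = ['login' => $post['user_login'], 'role' => $post['role']];
    return "created {$post['user_login']} as {$post['role']}";
}

// Constructed scenario: an administrator is logged in and an attacker's page
// auto-submits the import form. The forged request carries no nonce.
$session = ['user_id' => 1, 'caps' => ['create_users', 'promote_users']];
$forged  = ['user_login' => 'backdoor', 'role' => 'administrator'];
$legit   = $forged + ['_wpnonce' => create_nonce(IMPORT_ACTION, 1)];

$users = [];
echo 'vulnerable, forged POST: ', handle_import_vulnerable($forged, $session, $users), "\n";
$users = [];
echo 'fixed, forged POST:      ', handle_import_fixed($forged, $session, $users), "\n";
echo 'fixed, bogus nonce:      ', handle_import_fixed($forged + ['_wpnonce' => 'deadbeef00'], $session, $users), "\n";
echo 'fixed, genuine form:     ', handle_import_fixed($legit, $session, $users), "\n";
```

Run with `php csrf_fix.php`: the vulnerable handler creates the administrator account from the forged request, the fixed handler denies both the nonce-less and the bogus-nonce request and accepts only the submission that carries a nonce minted for this user and action. The post-upgrade verification step described above is the same check performed against the real plugin: replay the import POST without `_wpnonce` and expect a denial.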
CVE-2025-12879 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress User Generator and Importer plugin. An unauthenticated attacker who tricks a logged-in administrator into opening a malicious page can create administrator accounts through the administrator's browser.
You are affected if the User Generator and Importer plugin is installed in any version from 1.0.0 to 1.2.2. Upgrade to 1.2.3 or later.
Upgrade the plugin to 1.2.3 or later. Until you can, deactivate it or block POSTs to its import action that lack a valid nonce or an on-site Referer, and watch for new administrator accounts. CSP headers do not mitigate CSRF.
No active exploitation has been confirmed, but CSRF flaws in account-creation paths are easy to weaponize, so patch promptly and monitor user creation.
Refer to the WordPress plugin repository and security announcements for updates regarding this vulnerability.