Platform: wordpress
Component: tnc-toolbox-web-performance
Fixed in: 1.4.3
CVE-2025-12539 affects the TNC Toolbox: Web Performance plugin for WordPress. The vulnerability stems from insecure storage of cPanel API credentials within the plugin's files, making them accessible to unauthenticated users. Successful exploitation can lead to severe consequences, including unauthorized access to the cPanel API and subsequent compromise of the entire WordPress installation. Versions 1.0.0 through 1.4.2 are vulnerable, and a patch is available in version 1.4.3.
The primary impact of CVE-2025-12539 is the exposure of cPanel API credentials. An attacker who gains access to these credentials can leverage them to perform a wide range of malicious actions within the affected cPanel environment. This includes, but is not limited to, arbitrary file uploads, modification of website content, creation of new user accounts with administrative privileges, and ultimately, remote code execution (RCE). The blast radius extends beyond the WordPress site itself, potentially impacting other services hosted within the same cPanel account. The ability to upload arbitrary files opens the door to deploying webshells, enabling persistent access and control over the server. Given the sensitive nature of cPanel API credentials, this vulnerability represents a significant security risk.
CVE-2025-12539 has a CRITICAL CVSS score of 10, indicating a high probability of exploitation. While no public proof-of-concept (PoC) code has been released as of the publication date (2025-11-11), the ease of exploitation and the potential impact make it a likely target for malicious actors. The vulnerability is not currently listed on KEV or EPSS, but given its severity, it warrants close monitoring. The NVD and CISA have not yet published advisories related to this CVE.
Exploit Status
EPSS: 0.34% (56th percentile)
CISA SSVC
CVSS Vector
The most effective mitigation for CVE-2025-12539 is to immediately upgrade the TNC Toolbox: Web Performance plugin to version 1.4.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to the plugin's configuration files within the wp-content directory. This can be achieved through file system permissions or web server configuration. Implement a Web Application Firewall (WAF) with rules to detect and block attempts to access or modify the plugin's settings files. Monitor WordPress logs for suspicious activity, particularly attempts to access or modify files within the wp-content directory. After upgrading, verify the fix by confirming that the cPanel API credentials are no longer stored in plain text within the plugin's files.
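Two of the checks above (confirming whether the installed version falls in the affected range, and reviewing access logs for direct hits on non-asset files inside the plugin directory) as an added Python example that is not part of this advisory or of the plugin. It assumes the standard WordPress layout `wp-content/plugins/<slug>/` for the plugin slug given above; the log lines and the `PLACEHOLDER-settings-file.txt` name are constructed, since the advisory does not name the affected file.

```python
import re

PLUGIN_SLUG = "tnc-toolbox-web-performance"
PLUGIN_DIR = f"/wp-content/plugins/{PLUGIN_SLUG}/"  # standard WordPress plugin path (assumption)
FIRST_VULNERABLE = (1, 0, 0)
FIXED_IN = (1, 4, 3)

def parse_version(plugin_main_file: str) -> tuple:
    """Read the 'Version:' header WordPress requires in a plugin's main PHP file."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", plugin_main_file, re.M | re.I)
    if not m:
        raise ValueError("no Version header found")
    return tuple(int(p) for p in m.group(1).strip(".").split("."))

def is_vulnerable(version: tuple) -> bool:
    """Versions 1.0.0 through 1.4.2 are affected; 1.4.3 carries the fix."""
    return FIRST_VULNERABLE <= version < FIXED_IN

# Constructed plugin header in the shape WordPress expects; not the plugin's real file.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: TNC Toolbox: Web Performance\n * Version: 1.4.2\n */\n"

LOG_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ASSET_EXT = (".css", ".js", ".png", ".svg", ".gif", ".jpg", ".woff", ".woff2")

def suspicious_requests(log_lines):
    """Return (path, status) for successful direct requests to non-asset files in the
    plugin directory. Normal traffic to a plugin folder is static assets; a 200 on
    anything else is how a stored credential file would have been read."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if PLUGIN_DIR in path and m.group("status") == "200" \
                and not path.lower().endswith(ASSET_EXT):
            hits.append((path, int(m.group("status"))))
    return hits

# Constructed Apache/nginx combined-format lines; the settings file name is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Nov/2025:10:01:02 +0000] "GET /wp-content/plugins/tnc-toolbox-web-performance/assets/app.js HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Nov/2025:10:02:15 +0000] "GET /wp-content/plugins/tnc-toolbox-web-performance/PLACEHOLDER-settings-file.txt HTTP/1.1" 200 97',
    '198.51.100.7 - - [11/Nov/2025:10:03:40 +0000] "GET /wp-content/plugins/tnc-toolbox-web-performance/PLACEHOLDER-settings-file.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [11/Nov/2025:10:04:01 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print("installed", ".".join(map(str, v)), "vulnerable:", is_vulnerable(v))
    for path, status in suspicious_requests(SAMPLE_LOG):
        print("review:", status, path)
```

On a live host, feed `parse_version` the plugin's main PHP file and `suspicious_requests` the web server access log; a 200 on a non-asset path inside the plugin directory before the upgrade is the trigger to rotate the cPanel API credentials.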
Update the TNC Toolbox: Web Performance plugin to version 1.4.3 or later to mitigate the vulnerability. This update protects the stored cPanel API credentials, preventing the exposure of sensitive information and possible attacks.
It's a critical privilege escalation vulnerability in the TNC Toolbox: Web Performance WordPress plugin that exposes cPanel API credentials.
If you're using the TNC Toolbox: Web Performance plugin in versions 1.0.0 through 1.4.2, you are vulnerable.
Upgrade the plugin to version 1.4.3 or later. If immediate upgrade isn't possible, restrict access to the plugin's configuration files.
No public exploits are known as of 2025-11-11, but the high severity makes it a likely target.
Refer to the National Vulnerability Database (NVD) and CISA advisories when they are published, and to the plugin developer's website.