Overview
CVE-2025-12189 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the “Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents” WordPress plugin. This vulnerability exists in all versions up to, and including, 7.10.1321. Successful exploitation could allow unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution (RCE).
Technical Details
The vulnerability lies in the uploadImage() function within the Bread & Butter plugin. The function lacks proper nonce validation, making it susceptible to CSRF attacks. An attacker can craft a malicious request and trick a WordPress administrator into executing it (e.g., by clicking a link). Because the request originates from the administrator’s session, it will be processed by the plugin, allowing the attacker to upload arbitrary files. This uploaded file could be a PHP script or other executable file, enabling remote code execution on the server.
Specifically, the vulnerable code is within src/Base/Ajax.php, around line 411, as seen on the WordPress plugin repository.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-12189 a score of 4.3, indicating a MEDIUM severity. The CVSS vector is likely AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This score reflects the following:
- Attack Vector (AV:N): Network – The vulnerability can be exploited over the network.
- Attack Complexity (AC:L): Low – The attack is relatively easy to execute.
- Privileges Required (PR:N): None – No privileges are required to initiate the attack.
- User Interaction (UI:R): Required – User interaction (e.g., clicking a link) is required.
- Scope (S:U): Unchanged – An exploited vulnerability can only affect resources managed by the same security authority.
- Confidentiality Impact (C:N): None – There is no impact to confidentiality.
- Integrity Impact (I:L): Low – There is a limited impact to integrity (e.g., attacker can modify some data).
- Availability Impact (A:N): None – There is no impact to availability.
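To check the stated score against the vector above, the following PHP snippet (an added example, not part of the advisory or the plugin) implements the CVSS v3.1 base-score formula from the specification: metric weights, the ISS/Impact/Exploitability sub-scores, and the spec's Roundup() function. Carrying the vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N through it yields 4.3, so the advisory's score is consistent with its vector; the function accepts any v3.1 vector, so it can also show how the score would move if the integrity impact were rated differently.

```php
<?php
// Added example: recompute a CVSS v3.1 base score from its vector string,
// using the metric weights and Roundup() defined in the CVSS v3.1 specification.

const CVSS_WEIGHTS = array(
    'AV'  => array( 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 ),
    'AC'  => array( 'L' => 0.77, 'H' => 0.44 ),
    // Privileges Required depends on Scope: index 0 = unchanged, 1 = changed.
    'PR'  => array( 'N' => array( 0.85, 0.85 ), 'L' => array( 0.62, 0.68 ), 'H' => array( 0.27, 0.5 ) ),
    'UI'  => array( 'N' => 0.85, 'R' => 0.62 ),
    'CIA' => array( 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 ),
);

// Roundup() from CVSS v3.1 Appendix A: round up to one decimal place, done in
// integer arithmetic so floating-point noise cannot push a score over a boundary.
function cvss_roundup( float $x ): float {
    $int = (int) round( $x * 100000 );
    if ( $int % 10000 === 0 ) {
        return $int / 100000.0;
    }
    return ( floor( $int / 10000 ) + 1 ) / 10.0;
}

// Parse a v3.1 vector (with or without the "CVSS:3.1/" prefix) and return the
// impact and exploitability sub-scores together with the rounded base score.
function cvss31_base_score( string $vector ): array {
    $m = array();
    foreach ( explode( '/', $vector ) as $part ) {
        if ( strpos( $part, ':' ) === false ) {
            continue; // skips the version prefix if present
        }
        list( $k, $v ) = explode( ':', $part, 2 );
        $m[ $k ] = $v;
    }
    $changed = ( $m['S'] === 'C' );

    $iss = 1 - ( 1 - CVSS_WEIGHTS['CIA'][ $m['C'] ] )
             * ( 1 - CVSS_WEIGHTS['CIA'][ $m['I'] ] )
             * ( 1 - CVSS_WEIGHTS['CIA'][ $m['A'] ] );
    $impact = $changed
        ? 7.52 * ( $iss - 0.029 ) - 3.25 * pow( $iss - 0.02, 15 )
        : 6.42 * $iss;
    $exploitability = 8.22 * CVSS_WEIGHTS['AV'][ $m['AV'] ]
                           * CVSS_WEIGHTS['AC'][ $m['AC'] ]
                           * CVSS_WEIGHTS['PR'][ $m['PR'] ][ $changed ? 1 : 0 ]
                           * CVSS_WEIGHTS['UI'][ $m['UI'] ];

    if ( $impact <= 0 ) {
        $base = 0.0;
    } elseif ( $changed ) {
        $base = cvss_roundup( min( 1.08 * ( $impact + $exploitability ), 10 ) );
    } else {
        $base = cvss_roundup( min( $impact + $exploitability, 10 ) );
    }
    return array( 'impact' => $impact, 'exploitability' => $exploitability, 'base' => $base );
}

// The vector given in the advisory for CVE-2025-12189.
$r = cvss31_base_score( 'AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N' );
printf( "impact=%.4f exploitability=%.4f base=%.1f\n", $r['impact'], $r['exploitability'], $r['base'] );
```

For this vector the impact sub-score is 6.42 × 0.22 = 1.4124 and the exploitability sub-score is 8.22 × 0.85 × 0.77 × 0.85 × 0.62 ≈ 2.8353; their sum, 4.2476, rounds up to 4.3. The score is driven almost entirely by I:L; the same vector with I:H evaluates to 6.5, which is the gap between the formal rating and the "Possible Impact" section below.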
Possible Impact
The primary impact of this vulnerability is the potential for Remote Code Execution (RCE). By uploading malicious files, attackers can gain control of the affected WordPress website. This can lead to:
- Website defacement
- Data theft
- Malware distribution
- Server compromise
- Spam campaigns
While the attack requires user interaction, the consequences of a successful exploit can be severe.
Mitigation or Patch Steps
The recommended mitigation is to update the Bread & Butter plugin to the latest version. Check the WordPress plugin repository for the most recent release. Ensure that the updated version addresses the CSRF vulnerability in the uploadImage() function by implementing proper nonce validation. If an update is not yet available, consider temporarily disabling the plugin until a patched version is released.
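The following PHP is an added illustration of the defect class described in the Technical Details and of the nonce validation the mitigation calls for; it is constructed for this page and is not the Bread & Butter plugin's uploadImage() code. The action name example_upload_image, the nonce field name nonce, and the file field name image are hypothetical. The first handler shows the CSRF-prone shape (an AJAX endpoint that honours any request reaching it); the second adds the checks a WordPress upload handler needs, using core functions that exist in WordPress: check_ajax_referer(), current_user_can(), wp_check_filetype_and_ext() and wp_handle_upload().

```php
<?php
// Added example, not plugin code: a WordPress AJAX image-upload handler
// in its CSRF-prone form and in a hardened form.

// --- CSRF-prone pattern -----------------------------------------------------
// wp_ajax_nopriv_* exposes the endpoint to visitors who are not logged in, and
// nothing ties the request to a page the site itself rendered. If an admin's
// browser is made to send this request, the admin's cookies authenticate it.
add_action( 'wp_ajax_nopriv_example_upload_image', 'example_upload_image_unsafe' );
add_action( 'wp_ajax_example_upload_image',        'example_upload_image_unsafe' );

function example_upload_image_unsafe() {
    if ( empty( $_FILES['image'] ) ) {
        wp_send_json_error( 'no file' );
    }
    // No nonce, no capability check, no content-type check, and the caller
    // chooses the file name, so the stored extension is caller-controlled.
    $dest = WP_CONTENT_DIR . '/uploads/' . basename( $_FILES['image']['name'] );
    move_uploaded_file( $_FILES['image']['tmp_name'], $dest );
    wp_send_json_success( array( 'path' => $dest ) );
}

// --- Hardened handler -------------------------------------------------------
// Registered only for logged-in users: no wp_ajax_nopriv_ hook at all.
add_action( 'wp_ajax_example_upload_image_safe', 'example_upload_image_safe' );

function example_upload_image_safe() {
    // 1. CSRF: the request must carry a nonce issued by this site for this
    //    action. check_ajax_referer() ends the request with HTTP 403 if the
    //    'nonce' parameter is missing or does not verify.
    check_ajax_referer( 'example_upload_image', 'nonce' );

    // 2. Authorization: a valid nonce proves the request came from a page we
    //    rendered for this user, not that the user may upload files.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['image'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. Content validation: the file must be a real image whose detected
    //    type matches an allowed extension (PHP files are rejected here).
    $check = wp_check_filetype_and_ext(
        $_FILES['image']['tmp_name'],
        $_FILES['image']['name'],
        array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' )
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'unsupported file type', 415 );
    }

    // 4. Let core store the file: wp_handle_upload() sanitizes the name and
    //    applies the site's upload rules. test_form is false because this is
    //    an AJAX request rather than a classic form submission.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['image'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// The nonce the browser must include is minted server-side when the page is
// rendered, e.g. handed to the front-end script via wp_localize_script():
//   'nonce' => wp_create_nonce( 'example_upload_image' )
```

When auditing a plugin for this bug class, the first things to look for are the four items above in order: does every wp_ajax_ (and especially wp_ajax_nopriv_) handler that writes to disk call check_ajax_referer() or wp_verify_nonce(), does it check a capability, does it validate the file's content rather than trusting the client-supplied name, and does it go through wp_handle_upload() instead of moving the temp file itself.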
General security best practices for WordPress should also be followed:
- Keep WordPress core, themes, and plugins updated.
- Use strong passwords for all user accounts.
- Implement a web application firewall (WAF).
- Regularly scan your website for malware.
References
GitHub Exploit Details
Vulnerable Code Snippet in Ajax.php
Ryan Kozak’s Analysis
Wordfence Threat Intelligence Report
