{"data":{"id":"bfe5614a-31ce-4e30-9f90-2a6e2fc052b2","title":"CVE-2025-12189: The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPres","summary":"A WordPress plugin called 'The Bread & Butter' has a security flaw called CSRF (cross-site request forgery, where an attacker tricks someone into performing an unwanted action on a website) in versions up to 7.10.1321. The flaw exists in the image upload function because it lacks proper nonce validation (a security token that verifies a request is legitimate), allowing attackers to upload malicious files that could lead to RCE (remote code execution, where an attacker runs commands on the website) if they can trick an admin into clicking a malicious link.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-12189","publishedAt":"2025-12-05T06:16:06.573Z","cveId":"CVE-2025-12189","cweIds":["CWE-352"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["AI agents plugin for WordPress"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00035,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}