CVE-2025-12189: The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPres
mediumvulnerability
security
Summary
A WordPress plugin called 'The Bread & Butter' has a security flaw called CSRF (cross-site request forgery, where an attacker tricks someone into performing an unwanted action on a website) in versions up to 7.10.1321. The flaw exists in the image upload function because it lacks proper nonce validation (a security token that verifies a request is legitimate), allowing attackers to upload malicious files that could lead to RCE (remote code execution, where an attacker runs commands on the website) if they can trick an admin into clicking a malicious link.
Vulnerability Details
CVSS Score
4.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-12189
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 75%