How to fix CVE-2025-12879?

Within 24 hours: Audit all user accounts created in the past 90 days for suspicious administrator accounts; disable the User Generator and Importer plugin immediately if not actively required. Within 7 days: Deactivate and uninstall the plugin from all affected WordPress instances; identify and implement alternative user management solutions. Within 30 days: Review security policies for plugin vetting and establish a process to monitor CVE alerts for all installed plugins; conduct a full security assessment of WordPress environments.

Is PHP affected by CVE-2025-12879?

A critical vulnerability in the WordPress User Generator and Importer plugin allows attackers to create administrator accounts on affected websites by tricking site administrators into clicking malicious links.

CVE-2025-12879

EUVD-2025-201400 HIGH

2025-12-05 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201400

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

CVE Published

Dec 05, 2025 - 10:15 nvd

HIGH 8.8

Description

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

Analysis

Technical Context

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

Remediation

Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2025-12879 vulnerability details – vuln.today

Back

CVE-2025-12879

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

CVE-2025-12879

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

External POC / Exploit Code