Description
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.
Published: 2025-12-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated deletion of products via improper authorization
Action: Apply Patch
AI Analysis

Impact

The g-FFL Cockpit plugin for WordPress contains an IP‑based authorization flaw that can be spoofed in the handle_enqueue_only() routine; as a result, attackers who are not logged in can delete any product created in the system. This flaw allows loss of data and availability damage but does not grant code execution or broader system compromise.

Affected Systems

All installations of the garidium:g-FFL Cockpit plugin that are version 1.7.1 or earlier are affected. These are WordPress sites that have uploaded g-FFL Cockpit to manage product listings.

Risk and Exploitability

The vulnerability scores a CVSS of 5.3, indicating moderate severity, and the EPSS is below 1 %, meaning the current likelihood of exploitation is very low. It is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves the attacker forging an IP address recognized by the plugin, triggering the deletion routine without authenticating. Once exploited, the attacker can remove arbitrary product entries, potentially disrupting storefronts or catalogs.

Generated by OpenCVE AI on April 21, 2026 at 17:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to g-FFL Cockpit plugin version 1.7.2 or later, which removes the IP‑based authorization in handle_enqueue_only().
  • If a plugin update is not immediately possible, configure the web server or application firewall to allow the plugin’s product deletion endpoints only from trusted IP ranges and block other requests.
  • Modify the plugin code in the handle_enqueue_only() function to perform proper role‑based authorization checks for each user, ensuring only users with product‑management privileges can delete products.

Generated by OpenCVE AI on April 21, 2026 at 17:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
References

Tue, 09 Dec 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Mon, 08 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 06 Dec 2025 06:00:00 +0000

Type Values Removed Values Added
Description The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.
Title g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:45:38.927Z

Reserved: 2025-11-04T21:20:38.590Z

Link: CVE-2025-12720

cve-icon Vulnrichment

Updated: 2025-12-08T21:09:25.539Z

cve-icon NVD

Status : Deferred

Published: 2025-12-06T06:15:50.730

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12720

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T17:45:16Z

Weaknesses