CVE-2025-12350
📋 TL;DR
The DominoKit WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify plugin settings via an AJAX endpoint. This affects all WordPress sites running DominoKit version 1.1.0 or earlier. Attackers can change configuration without any authentication.
💻 Affected Systems
- WordPress DominoKit Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable security features, inject malicious code, or reconfigure the plugin to enable further attacks, potentially leading to site compromise or data exposure.
Likely Case
Attackers will modify plugin settings to disable security controls, inject advertising/malware, or disrupt site functionality.
If Mitigated
With proper web application firewalls and monitoring, unauthorized changes would be detected and blocked before causing significant damage.
🎯 Exploit Status
The vulnerability requires no authentication and involves simple HTTP requests to a known endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.1 or later
Vendor Advisory: https://wordpress.org/plugins/dominokit/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find DominoKit plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete plugin, then install latest version from WordPress repository.
🔧 Temporary Workarounds
Block vulnerable AJAX endpoint
linuxUse web application firewall or .htaccess to block access to the vulnerable endpoint
# Add to .htaccess:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php$
RewriteCond %{QUERY_STRING} action=dominokit_option_admin_action
RewriteRule ^ - [F]
🧯 If You Can't Patch
- Deactivate and remove the DominoKit plugin immediately
- Implement strict web application firewall rules to monitor and block unauthorized AJAX requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for DominoKit version 1.1.0 or earlierCheck Version:
# In WordPress root directory:
grep -r "Version:" wp-content/plugins/dominokit/dominokit.php | head -1Verify Fix Applied:
Verify DominoKit plugin version is 1.1.1 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=dominokit_option_admin_action from unauthenticated users
- Unusual plugin setting changes in WordPress logs
Network Indicators:
- HTTP POST requests to admin-ajax.php endpoint with dominokit_option_admin_action parameter from external IPs
SIEM Query:
source="wordpress" AND uri="/wp-admin/admin-ajax.php" AND query="action=dominokit_option_admin_action" AND user="-"