CVE-2025-12360: 
WordPress vulnerability analysis and mitigation

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress (CVE-2025-12360) contains a vulnerability related to unauthorized API usage discovered on November 5, 2025. The vulnerability affects all versions up to and including 1.7.7 of the plugin. This security issue stems from a missing capability check in the rtafar_ajax() function (NVD, Rapid7).

The vulnerability is classified as an Improper Authorization issue (CWE-285) with a CVSS v3.1 base score of 4.3 (Medium). The security flaw exists due to insufficient authorization checks in the rtafar_ajax() function, which allows authenticated users with minimal privileges to make unauthorized API calls. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating that it can be exploited remotely with low attack complexity and requires low privileges (NVD).

The primary impact of this vulnerability is the potential for authenticated attackers with Subscriber-level access to trigger unauthorized OpenAI API key usage. This can result in quota consumption and potentially incur unexpected costs for the website owner (NVD, Rapid7).

Website administrators should update the Better Find and Replace plugin to a version newer than 1.7.7 as soon as it becomes available. Until a patch is released, administrators should consider temporarily disabling the plugin or restricting access to subscriber-level accounts (NVD).