Data Loss Vulnerability in Alt Text Generator Plugin for WordPress
CVE-2025-12113

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Alt Text Generator Ai – Auto Generate & Bulk Update Alt Texts For Images
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-12113?

The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress exhibits a vulnerability where a missing capability check on the atgai_delete_api_key() function allows authenticated users with Subscriber-level access and above to delete the site's API key. This oversight can lead to unauthorized data loss, compromising the integrity and functionality of the affected WordPress installations.

Affected Version(s)

Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images * <= 1.8.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Oct 23, 2025

Credit

Abhirup Konwar

JSON