Unauthorized Data Modification in Ai Auto Tool Content Writing Assistant for WordPress
CVE-2025-12156

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Ai Auto Tool Content Writing Assistant (gemini Writer, Chatgpt ) All In One
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-12156?

The Ai Auto Tool Content Writing Assistant plugin for WordPress possesses a vulnerability that allows authenticated attackers with Subscriber-level access and above to manipulate data due to a missing capability check in the save_post_data() function. This flaw enables these users to create and publish arbitrary posts on the affected WordPress sites, posing significant risks to site integrity and content reliability.

Affected Version(s)

Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 <= 2.2.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/ai-auto-tool/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Kenneth Dunn

JSON