CVE-2025-12360

Name of the Vulnerable Software and Affected Versions Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7

Description The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax() function. This allows authenticated attackers with Subscriber-level access to initiate OpenAI API key usage, potentially leading to quota consumption and associated costs.

Recommendations Update to a version newer than 1.7.7.