PT-2025-44947 · Domiinodev · Dominokit

Abhirup Konwar · Published 2025-11-04 · Updated 2025-11-04 · CVE-2025-12350

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-12350

Affected Products: Dominokit