CVE-2023-6504: CWE-639 Authorization Bypass Through User-Controlled Key in reflectionmedia User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Medium
Published: Thu Jan 11 2024 (01/11/2024, 08:33:08 UTC)
Source: CVE Database V5
Vendor/Project: reflectionmedia
Product: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Description

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.

AI-Powered Analysis

Last updated: 07/04/2025, 16:24:49 UTC

Technical Analysis

CVE-2023-6504 is a medium-severity vulnerability affecting the WordPress plugin 'User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor' developed by reflectionmedia. The vulnerability arises from a missing capability check in the function wppb_toolbox_usermeta_handler, which is responsible for handling user metadata. This flaw allows authenticated attackers with contributor-level privileges or higher to bypass authorization controls and access sensitive user metadata that they should not normally be able to view. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-862 (Missing Authorization).

The CVSS v3.1 base score is 4.3, indicating a medium severity level. The attack vector is network-based (remote), attack complexity is low, and the attacker needs privileges of at least a contributor role; no user interaction is needed. The impact is limited to confidentiality, with no integrity or availability impact. No known exploits are currently reported in the wild, and no official patches have been linked yet. Since the plugin is widely used for managing user registration forms, profiles, and roles on WordPress sites, this vulnerability could expose sensitive user metadata such as personal details or custom fields to unauthorized users who have contributor or higher access, potentially leading to privacy violations or information leakage within affected websites.

Potential Impact

For European organizations using WordPress sites with the affected User Profile Builder plugin, this vulnerability poses a risk of unauthorized disclosure of sensitive user metadata. This could include personal data protected under GDPR, leading to compliance violations and potential regulatory penalties. The exposure of user metadata could also facilitate targeted phishing or social engineering attacks against users or employees. Since contributors and above can exploit this flaw, insider threats or compromised contributor accounts could be leveraged to extract sensitive information. While the vulnerability does not allow modification or deletion of data, the confidentiality breach alone can damage organizational reputation and trust. Organizations in sectors such as finance, healthcare, education, and government, which often handle sensitive personal data, are particularly at risk. The medium severity and lack of known exploits suggest a moderate immediate threat, but the potential for escalation exists if attackers combine this with other vulnerabilities or social engineering tactics.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify the presence of the User Profile Builder plugin and its version. Until an official patch is released, the following specific mitigations are recommended:

1) Restrict contributor-level and higher user roles strictly to trusted personnel and review user role assignments to minimize unnecessary privileges.
2) Implement additional access control measures such as web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the wppb_toolbox_usermeta_handler function.
3) Monitor logs for unusual access patterns or metadata queries by contributor-level users.
4) Consider temporarily disabling or uninstalling the plugin if it is not critical to operations.
5) Apply the principle of least privilege to all WordPress user roles and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of account compromise.
6) Stay alert for official patches or updates from reflectionmedia and apply them promptly once available.
7) Conduct user awareness training to mitigate risks from insider threats and social engineering that could exploit this vulnerability.
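The version audit recommended above can be scripted. The following is an added example, not code from the vendor or from this database: it reads the standard WordPress plugin header from each plugin's top-level PHP files and flags versions inside the affected range (up to and including 3.10.7). It assumes the plugin's "Plugin Name" header contains the text "Profile Builder"; the directory names in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (3, 10, 7)       # from the advisory: all versions up to and including 3.10.7
NAME_MARKER = "profile builder"  # assumption: substring of the plugin's "Plugin Name" header

# Header lines look like " * Plugin Name: Foo" / " * Version: 1.2.3" inside a PHP comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def version_tuple(text):
    """Turn '3.10.7' into (3, 10, 7); a suffix such as '-beta' is ignored."""
    parts = [int(p) for p in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def read_header(php_file):
    """Parse header fields from the first 8 KiB, the part WordPress itself reads."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(head)}

def audit(plugins_dir):
    """Return [(plugin directory, version, in affected range)] for matching plugins."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php_file)
        name, ver = hdr.get("plugin name", ""), hdr.get("version")
        if NAME_MARKER in name.lower() and ver:
            affected = version_tuple(ver) <= LAST_AFFECTED
            findings.append((php_file.parent.name, ver.strip(), affected))
    return findings

def demo():
    """Audit a constructed plugins tree; names and versions are sample data."""
    samples = [("site-a-copy", "Profile Builder", "3.10.7"),
               ("site-b-copy", "Profile Builder", "3.10.8"),
               ("unrelated", "Some Gallery", "1.0")]
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name, ver in samples:
            plugin_dir = Path(tmp, folder)
            plugin_dir.mkdir()
            header = f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n"
            (plugin_dir / "index.php").write_text(header)
        return audit(tmp)

if __name__ == "__main__":
    for folder, ver, affected in demo():
        print(f"{folder}: {ver} -> {'AFFECTED' if affected else 'outside affected range'}")
```

On a real host, pass the site's `wp-content/plugins` path to `audit()`; matching on the header text rather than the directory name also catches renamed plugin folders.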

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2023-12-04T19:37:21.737Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f034a182aa0cae27e6636

Added to database: 6/3/2025, 2:14:34 PM

Last enriched: 7/4/2025, 4:24:49 PM

Last updated: 7/31/2025, 8:29:25 AM
