CVE-2025-1777: CWE-862 Missing Authorization in SeaTheme BM Content Builder
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-1777 is a missing authorization flaw (CWE-862) in the BM Content Builder plugin for WordPress, developed by SeaTheme. In all versions up to and including 3.16.2.1, the 'ux_cb_page_options_save' function stores page options without first verifying that the calling user holds a capability that permits editing the page. Because the check is absent rather than merely weak, any authenticated account, down to the Subscriber role, can submit the save request and write attacker-controlled markup into the page's options. When the page is rendered that markup is emitted into the HTML, and any script it contains runs in the browser of every visitor, so the practical outcome is persistent (stored) cross-site scripting reached through an authorization bypass. The vulnerability carries a CVSS 3.1 base score of 6.4 (Medium): network attack vector, low attack complexity, low privileges required (PR:L, an ordinary authenticated account), no user interaction, changed scope, low confidentiality and integrity impact, and no availability impact. Two of these metrics deserve a note. UI:N describes the injection step, which the attacker completes alone; the payload only fires once someone loads the injected page. S:C records that the damage lands in visitors' browsers, a different security authority from the vulnerable plugin, which is also why an administrator viewing the page is the most valuable target: script running in an administrator's session can act with that session's rights (session hijacking, credential theft, changes to the site), turning a Subscriber account into a much broader compromise of the site and its visitors. No in-the-wild exploitation was reported and no patch link had been recorded when this entry was enriched, so administrators running the plugin should treat it as unpatched until they confirm a fixed release with the vendor.
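The pattern CWE-862 describes, shown as an added illustration rather than the plugin's own source (the plugin's code is not reproduced on this page): a WordPress AJAX save handler that writes page options with no authorization or nonce check, beside the hardened form that adds the checks. The action name, handler names and meta key are hypothetical; the WordPress functions called are real core APIs.

```php
<?php
/**
 * Added example, not code from BM Content Builder. Contrasts a save handler
 * with the CWE-862 defect (no capability check) against a hardened one.
 * Names such as example_page_options_save and _example_custom_html are
 * placeholders chosen for this illustration.
 */

// --- Vulnerable pattern (shown for contrast; NOT registered below) --------
// A wp_ajax_* hook fires for every logged-in user, subscriber included.
// Nothing here asks whether the caller may edit the post, and nothing
// verifies a nonce, so any account can overwrite the option with markup
// that the theme later prints into the page unescaped.
function example_page_options_save_vulnerable() {
    $post_id = (int) $_POST['post_id'];
    update_post_meta( $post_id, '_example_custom_html', wp_unslash( $_POST['custom_html'] ) );
    wp_send_json_success();
}

// --- Hardened pattern ------------------------------------------------------
add_action( 'wp_ajax_example_page_options_save', 'example_page_options_save_secure' );
function example_page_options_save_secure() {
    // 1. CSRF: the request must carry a nonce minted for this action.
    check_ajax_referer( 'example_page_options_save', 'nonce' );

    // 2. Authorization (the check that was missing): the caller must be
    //    allowed to edit this specific post. edit_post is a meta capability,
    //    so map_meta_cap distinguishes own posts from other users' posts and
    //    denies non-existent post IDs.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Defence in depth on the stored value: users who lack unfiltered_html
    //    get the same KSES filtering the core editor applies, which strips
    //    <script> and on* event handlers before anything reaches the database.
    $html = isset( $_POST['custom_html'] ) ? wp_unslash( $_POST['custom_html'] ) : '';
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $html = wp_kses_post( $html );
    }

    update_post_meta( $post_id, '_example_custom_html', $html );
    wp_send_json_success();
}
```

The capability check is the fix for CWE-862; the nonce closes the separate CSRF path, and the KSES step limits the blast radius if an authorization bug reappears. When reviewing a plugin, look for every `wp_ajax_`, `admin_post_` and REST route callback and confirm each one performs its own `current_user_can()` check: registering the hook is not an authorization decision.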
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress sites with the BM Content Builder plugin installed. The ability of low-privileged authenticated users to inject malicious scripts can lead to breaches of the personal data of EU residents and, with it, GDPR exposure. Attackers could leverage this to steal user credentials, perform phishing attacks, or distribute malware, damaging organizational reputation and causing financial loss. Since WordPress is widely used across Europe for corporate websites, e-commerce platforms, and informational portals, the scope of impact is broad. The vulnerability could also be exploited to deface websites or erode user trust, which matters for businesses operating in competitive markets. Additionally, compromised sites might be blacklisted by search engines or security services, further affecting business operations. The medium severity rating suggests that while the vulnerability is not immediately catastrophic, it is sufficiently serious to warrant prompt remediation to prevent escalation or chaining with other vulnerabilities.
Mitigation Recommendations
Organizations should immediately audit their WordPress installations to identify the BM Content Builder plugin and confirm its version; any version up to and including 3.16.2.1 is affected. Until a fixed release is confirmed with the vendor, administrators should disable the plugin if feasible, and in any case shrink the pool of accounts that can reach the vulnerable function: the attack requires an authenticated account, so turn off open self-registration ("Anyone can register" under Settings > General), review existing Subscriber-level accounts and remove stale ones, and enforce multi-factor authentication so that phished or reused passwords do not hand an attacker the foothold this bug needs. Web Application Firewalls (WAFs) with custom rules that block requests carrying script tags or event-handler attributes to the plugin's save endpoint can provide temporary protection, keeping in mind that a filter on request content is a stopgap, not a substitute for the missing capability check. Monitor for unexpected page-option changes (new or modified entries made by low-privileged users, or page markup that suddenly contains script or on* attributes) and treat any such finding as evidence of exploitation rather than as a configuration oddity. Once a patch becomes available, apply it promptly and then re-inspect the affected pages' stored options, because updating the plugin does not remove payloads that were already injected.
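An added example, not part of the advisory or the plugin, of the first mitigation step: a standalone PHP script that scans a WordPress plugins directory, finds any plugin whose header names BM Content Builder, and reports whether its version falls within the affected range. It only reads file headers, so it is safe to run on a live site; the directory path and output format are this example's own choices.

```php
<?php
/**
 * Added example, not the advisory's or the plugin's code.
 * Usage: php audit_bm_content_builder.php /var/www/html/wp-content/plugins
 * Exit status 1 if an affected install is found, 0 otherwise, so it can
 * be dropped into a fleet-wide check.
 */

const AFFECTED_MAX_VERSION = '3.16.2.1';      // from the advisory: all versions <= this
const TARGET_PLUGIN_NAME   = 'BM Content Builder';

/** Parse a WordPress plugin header (first 8 KB of the file) into name/version. */
function read_plugin_header( string $file ): ?array {
    $head = file_get_contents( $file, false, null, 0, 8192 );
    if ( $head === false || stripos( $head, 'Plugin Name:' ) === false ) {
        return null;
    }
    $name = $version = null;
    // Same shape of header line WordPress itself parses in get_file_data().
    if ( preg_match( '/^[ \t\/*#@]*Plugin Name:(.*)$/mi', $head, $m ) ) {
        $name = trim( $m[1] );
    }
    if ( preg_match( '/^[ \t\/*#@]*Version:(.*)$/mi', $head, $m ) ) {
        $version = trim( $m[1] );
    }
    return $name ? [ 'name' => $name, 'version' => $version, 'file' => $file ] : null;
}

/** Walk the plugins directory: one header-bearing .php per plugin folder, plus single-file plugins. */
function find_plugins( string $plugins_dir ): array {
    $found = [];
    $base  = rtrim( $plugins_dir, '/' );
    foreach ( glob( $base . '/*', GLOB_ONLYDIR ) ?: [] as $dir ) {
        foreach ( glob( $dir . '/*.php' ) ?: [] as $php ) {
            $hdr = read_plugin_header( $php );
            if ( $hdr ) { $found[] = $hdr; break; }
        }
    }
    foreach ( glob( $base . '/*.php' ) ?: [] as $php ) {   // e.g. hello.php style plugins
        $hdr = read_plugin_header( $php );
        if ( $hdr ) { $found[] = $hdr; }
    }
    return $found;
}

/** version_compare() understands four-part versions such as 3.16.2.1. */
function is_affected( ?string $version ): bool {
    // A missing or unparseable Version header is reported as affected rather
    // than silently skipped; an operator must then check it by hand.
    return $version === null || version_compare( $version, AFFECTED_MAX_VERSION, '<=' );
}

$dir  = $argv[1] ?? 'wp-content/plugins';
$exit = 0;
foreach ( find_plugins( $dir ) as $p ) {
    if ( stripos( $p['name'], TARGET_PLUGIN_NAME ) === false ) {
        continue;
    }
    $state = is_affected( $p['version'] ) ? 'AFFECTED' : 'not in affected range';
    printf( "%s %s (%s): %s\n", $p['name'], $p['version'] ?? '?', $p['file'], $state );
    if ( $state === 'AFFECTED' ) {
        $exit = 1;
    }
}
exit( $exit );
```

On a multisite or a host with a relocated content directory, point the script at whatever `WP_PLUGIN_DIR` resolves to; `wp plugin list --format=json` on a host with WP-CLI gives the same name and version fields if you prefer to compare there.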
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-02-28T11:04:10.400Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6842df031a426642debc956f
Added to database: 6/6/2025, 12:28:51 PM
Last enriched: 7/7/2025, 7:13:32 PM
Last updated: 1/7/2026, 4:19:20 AM