
CVE-2025-4593: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in avimegladon WP Register Profile With Shortcode

Severity: Medium
Published: Fri Jul 11 2025 (07/11/2025, 07:22:59 UTC)
Source: CVE Database V5
Vendor/Project: avimegladon
Product: WP Register Profile With Shortcode

Description

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.

AI-Powered Analysis

Last updated: 07/11/2025, 07:47:02 UTC

Technical Analysis

CVE-2025-4593 is a vulnerability in the WordPress plugin 'WP Register Profile With Shortcode' developed by avimegladon. All versions up to and including 3.6.2 contain a sensitive information exposure flaw classified under CWE-200. The flaw is in the 'rp_user_data' shortcode, which does not properly restrict access to user meta. Authenticated users with Contributor-level privileges or higher can use it to retrieve sensitive information such as hashed passwords, usernames, and other user meta that should remain confidential. Exploitation requires no user interaction beyond authentication and is possible remotely over the network (AV:N). The attack complexity is low (AC:L), and the attacker must have at least Contributor-level privileges (PR:L). The vulnerability impacts confidentiality (C:H) but does not affect integrity or availability. The CVSS v3.1 base score is 6.5, indicating a medium severity level. No known exploits are currently reported in the wild, and no official patches have been linked yet. The risk is significant because the exposed user data can support further attacks within a WordPress site, such as credential stuffing or privilege escalation.

Potential Impact

For European organizations, this vulnerability can lead to unauthorized disclosure of sensitive user information within WordPress-based websites that utilize the affected plugin. Exposure of hashed passwords and usernames can facilitate credential cracking attempts, potentially leading to account takeover and unauthorized access to protected resources. This is particularly concerning for organizations handling personal data under GDPR, as such a breach could result in regulatory penalties and reputational damage. Additionally, the ability for contributors (a relatively low privilege role) to access sensitive data increases the risk from insider threats or compromised contributor accounts. The vulnerability does not directly impact system availability or integrity but compromises confidentiality, which is critical for maintaining trust and compliance in sectors such as finance, healthcare, and government services prevalent in Europe.

Mitigation Recommendations

1. Immediate mitigation involves restricting Contributor-level users from accessing the 'rp_user_data' shortcode or disabling the shortcode functionality until a patch is available.
2. Administrators should audit user roles and permissions to ensure that only trusted users have Contributor or higher access.
3. Monitor WordPress logs for unusual access patterns or attempts to invoke the vulnerable shortcode.
4. Implement Web Application Firewall (WAF) rules to detect and block suspicious requests targeting the shortcode endpoint.
5. Regularly update the plugin once the vendor releases a patch addressing this vulnerability.
6. Consider replacing the plugin with alternative solutions that follow secure coding practices and have a strong security track record.
7. Educate site administrators and contributors about the risks of privilege misuse and enforce strong authentication mechanisms such as MFA to reduce the risk of compromised accounts.
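One way to implement recommendations 1 and 3 together is a small must-use plugin that short-circuits the 'rp_user_data' shortcode and logs each blocked render. This is an added example, not code from the plugin or its vendor; the file location, the `rpud_` names and the log format are assumptions, and it blocks the shortcode for every user, not only Contributors.

```php
<?php
/**
 * Plugin Name: Block rp_user_data shortcode (temporary mitigation)
 *
 * Added example. Assumed location (hypothetical file name):
 * wp-content/mu-plugins/block-rp-user-data.php
 */

defined( 'ABSPATH' ) || exit;

// Shortcode tag named in the advisory.
const RPUD_BLOCKED_TAG = 'rp_user_data';

/**
 * Short-circuit the shortcode before its callback runs.
 *
 * 'pre_do_shortcode_tag' (WordPress 4.7+) fires for every registered
 * shortcode. Returning anything other than false replaces the output,
 * so this works regardless of when the plugin registers the tag.
 */
function rpud_block_shortcode( $output, $tag, $attr, $m ) {
	if ( RPUD_BLOCKED_TAG !== $tag ) {
		return $output; // Leave all other shortcodes untouched.
	}

	// Record who triggered the render and in which post, for later review.
	// wp_json_encode() escapes newlines, so attributes cannot split the log line.
	$post_id = get_the_ID();
	error_log( sprintf(
		'[rpud-block] blocked [%s] render: user_id=%d post_id=%d author_id=%d attrs=%s',
		$tag,
		get_current_user_id(),
		$post_id ? $post_id : 0,
		$post_id ? (int) get_post_field( 'post_author', $post_id ) : 0,
		wp_json_encode( $attr )
	) );

	return ''; // Render nothing in place of the shortcode.
}
add_filter( 'pre_do_shortcode_tag', 'rpud_block_shortcode', 10, 4 );
```

Entries go to the PHP error log (or `wp-content/debug.log` when `WP_DEBUG_LOG` is enabled); remove the file once a fixed plugin version is installed.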

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-05-12T15:32:43.438Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6870bdbba83201eaacacf6f2

Added to database: 7/11/2025, 7:31:07 AM

Last enriched: 7/11/2025, 7:47:02 AM

Last updated: 8/18/2025, 3:42:07 AM
