The Offsprout Page Builder plugin for WordPress versions 2.2.1 through 2.15.2 contains a critical vulnerability identified as CVE-2025-4672, classified under CWE-285 (Improper Authorization). The root cause is an insufficient authorization check in the permission_callback() function, which governs access to user meta operations. Authenticated users with Contributor-level privileges or higher can exploit this flaw to manipulate user meta data arbitrarily. This includes the ability to modify their own wp_capabilities meta key to escalate their privileges to administrator level, effectively gaining full control over the WordPress site. The vulnerability is remotely exploitable over the network without requiring additional user interaction. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and only requiring low privileges to exploit. No official patches or updates are linked yet, and no known exploits have been reported in the wild as of the publication date. This vulnerability poses a significant risk to any WordPress site using the affected Offsprout Page Builder versions, especially those with multiple contributors or editors.

If exploited, this vulnerability allows attackers to fully compromise WordPress sites by escalating their privileges from Contributor or higher to Administrator. This leads to complete control over site content, user accounts, and potentially the underlying server environment if further exploits are chained. Confidentiality is severely impacted as attackers can read sensitive user meta data. Integrity is compromised because attackers can modify or delete user data and site content. Availability may also be affected if attackers disrupt site operations or lock out legitimate administrators. The ease of exploitation and the widespread use of WordPress and the Offsprout Page Builder plugin amplify the risk, potentially affecting thousands of websites globally. Organizations relying on this plugin for content management face risks of data breaches, defacement, unauthorized access, and loss of trust.

1. Immediately upgrade the Offsprout Page Builder plugin to a version where this vulnerability is patched once available. 2. Until a patch is released, restrict Contributor-level and higher access to trusted users only. 3. Implement strict role-based access control (RBAC) and audit user permissions regularly. 4. Monitor user meta changes and WordPress logs for unusual privilege escalations or metadata modifications. 5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious API calls targeting user meta endpoints. 6. Consider disabling or limiting REST API access for non-administrative users if feasible. 7. Maintain regular backups of WordPress sites to enable recovery in case of compromise. 8. Educate site administrators about the risks and signs of privilege escalation attacks.