CVE-2025-4965: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WPBakery Page Builder for WordPress
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-4965 is a stored Cross-Site Scripting (XSS) vulnerability found in the WPBakery Page Builder plugin for WordPress, specifically affecting all versions up to and including 8.4.1. The vulnerability arises from improper neutralization of user-supplied input during web page generation within the plugin's Grid Builder feature. Authenticated users with author-level privileges or higher can exploit this flaw by injecting malicious JavaScript code into pages or posts. Because the injected script is stored persistently, it executes whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or redirection to malicious sites. The vulnerability is classified under CWE-79, indicating insufficient input sanitization and output escaping. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network (remote), low attack complexity, requiring privileges (author-level), no user interaction, and a scope change, impacting confidentiality and integrity but not availability. No known exploits are reported in the wild yet. The vulnerability affects a widely used WordPress plugin, which is popular among European organizations for website content management and e-commerce, making it a relevant threat vector in this region. The absence of a patch at the time of reporting increases the urgency for mitigation through configuration and access control measures.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of their web platforms. Exploitation could allow attackers to execute arbitrary scripts in the context of the affected website, potentially stealing session cookies, defacing content, or injecting malicious payloads that compromise user trust and data privacy. Given the GDPR regulatory environment, any data leakage or unauthorized access resulting from such an attack could lead to substantial legal and financial penalties. Organizations relying on WPBakery Page Builder for customer-facing websites, intranets, or e-commerce portals are particularly at risk. The scope of impact extends to any user visiting the compromised pages, including employees and customers, increasing the potential for widespread damage. Additionally, the vulnerability requires authenticated access at author level, which means insider threats or compromised user accounts can be leveraged to exploit this flaw. The medium CVSS score reflects moderate ease of exploitation but significant potential damage to confidentiality and integrity, which is critical for maintaining operational security and compliance in European contexts.
Mitigation Recommendations
- Immediately restrict author-level and higher privileges to trusted users only, enforcing strong authentication and monitoring for suspicious activity.
- Implement Web Application Firewall (WAF) rules specifically targeting WPBakery Page Builder Grid Builder inputs to detect and block malicious script payloads.
- Regularly audit user-generated content and pages created with the Grid Builder feature for suspicious or unauthorized scripts.
- Disable or limit the use of the Grid Builder feature if feasible until an official patch or update is released.
- Ensure WordPress core and all plugins, including WPBakery Page Builder, are kept up to date with the latest security releases once available.
- Apply Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks.
- Conduct user training to raise awareness about the risks of privilege misuse and the importance of secure content management practices.
- Monitor logs for unusual activity patterns related to page creation or modification by author-level users.
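One way to run the content audit recommended above, as an added example that is not part of the original advisory or of the plugin's code. It assumes page-builder elements are stored in post content as `[vc_...]` shortcodes and that posts have been exported as dictionaries; the sample rows are constructed, and their element and attribute names are hypothetical.

```python
import html
import re
from urllib.parse import unquote

# Assumption: page-builder elements are stored in post_content as [vc_...] shortcodes.
SHORTCODE = re.compile(r"\[(vc_[a-z0-9_]+)([^\]]*)\]", re.I)
ATTR = re.compile(r'([a-z0-9_]+)\s*=\s*"([^"]*)"', re.I)
INDICATORS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]{3,}\s*=", re.I),
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
}

def normalize(value):
    """Decode URL and HTML-entity encoding (two passes) so encoded markup is visible."""
    for _ in range(2):
        value = html.unescape(unquote(value))
    return value

def audit_post(post):
    """Return (post ID, author, shortcode, attribute, indicator) for each hit."""
    findings = []
    for tag, raw_attrs in SHORTCODE.findall(post["post_content"]):
        for name, value in ATTR.findall(raw_attrs):
            decoded = normalize(value)
            for label, pattern in INDICATORS.items():
                if pattern.search(decoded):
                    findings.append((post["ID"], post["post_author"], tag, name, label))
    return findings

# Constructed rows standing in for a wp_posts export; element and attribute
# names are hypothetical and the flagged values are inert placeholders.
SAMPLE_POSTS = [
    {"ID": 101, "post_author": "editor1", "post_content":
        '[vc_example_element title="Spring sale" link="url:https%3A%2F%2Fexample.com"]'},
    {"ID": 102, "post_author": "author7", "post_content":
        '[vc_example_element sample_attr="%3Cscript%3E/* placeholder */%3C%2Fscript%3E"]'},
    {"ID": 103, "post_author": "author7", "post_content":
        '[vc_example_element sample_attr="x&quot; onmouseover=&quot;placeholder"]'},
]

def audit_all(posts):
    """Audit every exported post and return the combined list of findings."""
    return [f for post in posts for f in audit_post(post)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_POSTS):
        print(finding)
```

Hits are heuristics for manual review: an attribute that legitimately contains text such as `online =` will also be flagged.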
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-19T20:20:43.214Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6853b5d433c7acc04608c993
Added to database: 6/19/2025, 7:01:40 AM
Last enriched: 6/19/2025, 7:16:35 AM
Last updated: 8/17/2025, 9:55:02 AM