CVE-2025-4965 is a stored Cross-Site Scripting (XSS) vulnerability found in the WPBakery Page Builder plugin for WordPress, specifically affecting all versions up to and including 8.4.1. The vulnerability arises from improper neutralization of user-supplied input during web page generation within the plugin's Grid Builder feature. Authenticated users with author-level privileges or higher can exploit this flaw by injecting malicious JavaScript code into pages or posts. Because the injected script is stored persistently, it executes whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or redirection to malicious sites. The vulnerability is classified under CWE-79, indicating insufficient input sanitization and output escaping. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network (remote), low attack complexity, requiring privileges (author-level), no user interaction, and a scope change, impacting confidentiality and integrity but not availability. No known exploits are reported in the wild yet. The vulnerability affects a widely used WordPress plugin, which is popular among European organizations for website content management and e-commerce, making it a relevant threat vector in this region. The absence of a patch at the time of reporting increases the urgency for mitigation through configuration and access control measures.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of their web platforms. Exploitation could allow attackers to execute arbitrary scripts in the context of the affected website, potentially stealing session cookies, defacing content, or injecting malicious payloads that compromise user trust and data privacy. Given the GDPR regulatory environment, any data leakage or unauthorized access resulting from such an attack could lead to substantial legal and financial penalties. Organizations relying on WPBakery Page Builder for customer-facing websites, intranets, or e-commerce portals are particularly at risk. The scope of impact extends to any user visiting the compromised pages, including employees and customers, increasing the potential for widespread damage. Additionally, the vulnerability requires authenticated access at author level, which means insider threats or compromised user accounts can be leveraged to exploit this flaw. The medium CVSS score reflects moderate ease of exploitation but significant potential damage to confidentiality and integrity, which is critical for maintaining operational security and compliance in European contexts.

Immediately restrict author-level and higher privileges to trusted users only, enforcing strong authentication and monitoring for suspicious activity. Implement Web Application Firewall (WAF) rules specifically targeting WPBakery Page Builder Grid Builder inputs to detect and block malicious script payloads. Regularly audit user-generated content and pages created with the Grid Builder feature for suspicious or unauthorized scripts. Disable or limit the use of the Grid Builder feature if feasible until an official patch or update is released. Ensure WordPress core and all plugins, including WPBakery Page Builder, are kept up to date with the latest security releases once available. Apply Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. Conduct user training to raise awareness about the risks of privilege misuse and the importance of secure content management practices. Monitor logs for unusual activity patterns related to page creation or modification by author-level users.