CVE-2025-4671 – The Profile Builder WordPress plugin has a stor... (How to Fix)

📋 TL;DR

The Profile Builder WordPress plugin has a stored XSS vulnerability in its user_meta and compare shortcodes. Authenticated attackers with contributor-level access or higher can inject malicious scripts that execute when users view affected pages. This affects all versions up to and including 3.13.8.

💻 Affected Systems

Products:

Profile Builder WordPress Plugin

Versions: All versions up to and including 3.13.8

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Profile Builder plugin enabled. Contributor-level or higher access needed for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal admin credentials, redirect users to malicious sites, deface websites, or perform actions as authenticated users.

🟠

Likely Case

Attackers inject malicious scripts to steal session cookies or user data from visitors viewing compromised pages.

🟢

If Mitigated

With proper user role management and content review, impact is limited to potential defacement of specific pages.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has contributor privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.13.9 or later

Vendor Advisory: https://wordpress.org/plugins/profile-builder/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find Profile Builder plugin
4. Click 'Update Now' if available
5. Alternatively, download latest version from WordPress repository and replace plugin files

🔧 Temporary Workarounds

Remove Contributor Access

all

Temporarily restrict contributor-level access to prevent exploitation

Disable Shortcodes

all

Remove or disable user_meta and compare shortcodes from pages/posts

🧯 If You Can't Patch

Implement strict user role management and review all contributor content
Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check Profile Builder plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

wp plugin list --name=profile-builder --field=version

Verify Fix Applied:

Verify plugin version is 3.13.9 or higher and test shortcode functionality

📡 Detection & Monitoring

Log Indicators:

Unusual shortcode modifications in page/post edits by contributors
Suspicious script tags in content

Network Indicators:

Unexpected script loads from WordPress pages

SIEM Query:

source="wordpress" AND (event="post_modified" OR event="page_modified") AND user_role="contributor" AND content CONTAINS "user_meta" OR content CONTAINS "compare"

📊 Metadata

CVE ID: CVE-2025-4671

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.05% exploit probability (14.9th percentile)

Published: June 3, 2025

Last Updated: June 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4671, you might also want to check these: