CVE-2025-4672
📋 TL;DR
The Offsprout Page Builder WordPress plugin contains an authorization vulnerability that allows authenticated users with Contributor-level access or higher to escalate their privileges to Administrator. Attackers can modify user metadata, including their own capabilities, to gain full administrative control. This affects WordPress sites running vulnerable plugin versions.
💻 Affected Systems
- Offsprout Page Builder WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrator access, install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Attackers with existing low-level access (Contributor+) escalate to Administrator and compromise the WordPress installation.
If Mitigated
If proper access controls and monitoring are in place, privilege escalation attempts are detected and blocked before full compromise.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.15.3
Vendor Advisory: https://wordpress.org/plugins/offsprout-page-builder/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Offsprout Page Builder. 4. Click 'Update Now' if available, or manually update to version 2.15.3+. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Offsprout Page Builder plugin until patched
wp plugin deactivate offsprout-page-builder
Restrict user roles
allTemporarily disable Contributor and Author roles or limit user registration
🧯 If You Can't Patch
- Implement strict access controls and monitor user role changes
- Use web application firewall rules to block suspicious API requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Offsprout Page Builder → Version. If between 2.2.1 and 2.15.2 inclusive, vulnerable.Check Version:
wp plugin get offsprout-page-builder --field=versionVerify Fix Applied:
Confirm plugin version is 2.15.3 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual user role changes from Contributor/Author to Administrator
- Multiple API requests to /wp-json/offsprout/v1/extensions endpoint
- Suspicious user_meta modifications in database logs
Network Indicators:
- POST requests to WordPress REST API endpoints with privilege escalation parameters
SIEM Query:
source="wordpress" AND (event="user_role_change" OR uri_path="/wp-json/offsprout/v1/extensions")🔗 References
- https://plugins.trac.wordpress.org/browser/offsprout-page-builder/tags/2.15.2/api/class-offsprout-api-extensions.php#L5
- https://plugins.trac.wordpress.org/browser/offsprout-page-builder/tags/2.15.2/api/class-offsprout-api-extensions.php#L514
- https://wordpress.org/plugins/offsprout-page-builder/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9269d18d-8d83-43ff-b777-ba8f58321e9e?source=cve
