CVE-2025-4672 – Offsprout Page Builder WordPress Privilege Escalation Vulnerability

May 31, 2025

CVE ID : CVE-2025-4672

Published : May 31, 2025, 7:15 a.m. | 44 minutes ago

Description : The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create, update or delete any user meta, including flipping their own wp_capabilities to administrator and fully escalate their privileges.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4631 – WordPress Profitori Plugin Privilege Escalation Vulnerability

Next Article CVE-2025-4590 – Daisycon prijsvergelijkers WordPress Stored Cross-Site Scripting Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-4672 – Offsprout Page Builder WordPress Privilege Escalation Vulnerability

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

How Krikey AI harnessed the power of Amazon SageMaker Ground Truth to accelerate generative AI development

$75 million record-breaking ransom paid to cybercriminals, say researchers

How Red Hat just quietly, radically transformed enterprise server Linux

This tiny chip can safeguard user data while enabling efficient computing on a smartphone

TokenBridge: Bridging The Gap Between Continuous and Discrete Token Representations In Visual Generation

CMU Researchers Propose QueRE: An AI Approach to Extract Useful Features from a LLM

Mark Zuckerberg says Meta is developing AI friends to beat “the loneliness epidemic” — after Bill Gates claimed AI will replace humans for most things

Hiring Kit: IT Audit Director

CVE-2025-4672 – Offsprout Page Builder WordPress Privilege Escalation Vulnerability

Related Posts