CVE-2025-4631
Published: 31 May 2025
Summary
CVE-2025-4631 is a critical-severity Improper Authorization (CWE-285) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 21.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The Profitori plugin for WordPress, in versions 2.0.6.0 through 2.1.1.3, is affected by a privilege escalation vulnerability (CWE-285) caused by a missing capability check on the stocktend_object endpoint. This flaw allows the save_object_as_user() function to be invoked for objects whose _datatype is set to users, resulting in arbitrary strings being written directly into the wp_capabilities user meta field.
Unauthenticated attackers can exploit the issue over the network to modify the capabilities of an existing user account or a newly created one, elevating it to administrator level and obtaining full control over the WordPress site. The vulnerability carries a CVSS 3.1 score of 9.8.
The provided references consist of source code links within the plugin and the public WordPress plugin directory page; they do not describe specific patches, fixed versions, or mitigation steps. The associated EPSS score remains flat at a low value of 0.0111 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16542
Vulnerability details
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose '_datatype' is set…
more
to 'users',. This allows unauthenticated attackers to write arbitrary strings straight into the user’s wp_capabilities meta field, potentially elevating the privileges of an existing user account or a newly created one to that of an administrator.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
Periodic reviews identify and correct flaws in authorization decisions or enforcement.
The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.
The control explicitly requires authorization of each wireless access type prior to permitting connections.
Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.