- Description
- The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose '_datatype' is set to 'users'. This allows unauthenticated attackers to write arbitrary strings straight into the user's wp_capabilities meta field, potentially elevating the privileges of an existing user account or a newly created one to that of an administrator.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-285
- Hype score
- Not currently trending
CVE-2025-4631 - Profitori #WordPress #Plugin Privilege Escalation Exploit CVSS Score: 9.8 (Critical) PoC: https://t.co/g6LbSdCtW9 #CyberSecurity #hack https://t.co/tyZ9snHXwT
@Nxploited
31 May 2025
78 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-4631: CRITICAL] WordPress Profitori plugin has a vulnerability in versions 2.0.6.0 to 2.1.1.3, allowing unauthenticated attackers to escalate privileges through unauthorized user role changes. #Cyber...#cve,CVE-2025-4631,#cybersecurity https://t.co/7gNeqiTUp2 https://t.
@CveFindCom
31 May 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4631 The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1… https://t.co/cGY7OQ4GgA
@CVEnew
31 May 2025
421 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes