Description
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain administrative access to the website. WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor version 3.4.8 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 3.4.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207
https://plugins.svn.wordpress.org/profile-builder/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2)
WordPress Plugin Ultimate Instagram Feed Cross-Site Scripting (1.2)
WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)