Description
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain administrative access to the website. WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor version 3.4.8 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 3.4.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207
https://plugins.svn.wordpress.org/profile-builder/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Gutenberg Forms-WordPress Form Builder Arbitrary File Upload (2.2.9)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9041)
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
MySQL CVE-2012-3160 Vulnerability (CVE-2012-3160)
WordPress Plugin Images to WebP Multiple Vulnerabilities (1.8)