Description

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain administrative access to the website. WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor version 3.4.8 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 3.4.9 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207

https://plugins.svn.wordpress.org/profile-builder/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WooCommerce Cart Expiration PHP Object Injection (0.1.0)

WordPress Plugin Subscribe To Comments Reloaded Multiple Vulnerabilities (140204)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20507)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10678)

Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)

Severity

High

Classification

CVE-2021-24527 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass