Description
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create new user accounts with admin privileges. WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor version 2.3.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.3.6 or latest
References
Related Vulnerabilities
WordPress Plugin CKEditor for WordPress Cross-Site Scripting (4.5.3)
Oracle Application Server Other Vulnerability (CVE-2001-1217)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)
Oracle Database Server CVE-2012-3220 Vulnerability (CVE-2012-3220)
WordPress Plugin WP-Forum 'sendmail.php' SQL Injection (1.7.8)