Description
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain administrative access to the website. WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor version 3.4.8 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 3.4.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207
https://plugins.svn.wordpress.org/profile-builder/trunk/readme.txt
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2015-0253)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6830)