Profile Builder and Profile Builder Pro < 3.1.1 – User Registration With Administrator Role

February 10, 2020
Description
The plugin is affected by a broken authentication vulnerability that allows unauthenticated users to register or edit their account and gain the Administrator role using the plugin's forms. The vulnerability exists only in the plugin's own generated Registration Form or Profile Edit Form. This means that if the blog uses the shortcode [wppb-register] or [wppb-edit-profile], it is vulnerable. These are the obvious shortcodes that hold the basic functionality of the plugin, so an admin who has the plugin installed must be using them 90% of the time. If the blog isn't using [wppb-register] but is using [wppb-edit-profile], the vulnerability is still valid if Registration is enabled. The CVSS score of the vulnerability is 9.
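The exposure conditions described above can be checked against a site's exported page content. The following is an added example, not code from the advisory or the plugin; the function names, status labels and sample pages are hypothetical, and it assumes you supply the installed plugin version and the site's registration setting yourself.

```python
import re

FIXED_VERSION = (3, 1, 1)  # first fixed release, taken from the advisory title

# Match the two shortcodes named in the advisory, with or without attributes.
# The lookbehind skips WordPress's escaped form [[tag]], which only displays text.
SHORTCODE_RE = re.compile(
    r"(?<!\[)\[(wppb-register|wppb-edit-profile)(?=[\s\]/])[^\]]*\]"
)

def parse_version(text):
    """Turn '3.1' or '3.1.0' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def find_shortcodes(pages):
    """pages maps title -> content; returns shortcode -> sorted page titles."""
    hits = {}
    for title, content in pages.items():
        for match in SHORTCODE_RE.finditer(content):
            hits.setdefault(match.group(1), set()).add(title)
    return {tag: sorted(titles) for tag, titles in hits.items()}

def assess(version, pages, registration_enabled):
    """Apply the advisory's conditions; returns (status, shortcode hits)."""
    hits = find_shortcodes(pages)
    if parse_version(version) >= FIXED_VERSION:
        return "patched", hits
    if "wppb-register" in hits:
        return "exposed", hits
    # Edit-profile form alone: the advisory ties exposure to registration being on.
    if "wppb-edit-profile" in hits and registration_enabled:
        return "exposed", hits
    return "update-needed", hits

# Constructed sample content; the attribute on the first shortcode is illustrative.
SAMPLE_PAGES = {
    "Register": 'Join us: [wppb-register example_attr="value"]',
    "My account": "[wppb-edit-profile]",
    "Docs": "Use [[wppb-register]] to embed the form.",
}

if __name__ == "__main__":
    status, hits = assess("3.1.0", SAMPLE_PAGES, registration_enabled=False)
    print(status, hits)
```

A result of "update-needed" still means the installed version predates the fix; it only indicates that neither form was found in the content that was scanned.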
