9 matches found
EUVD-2023-33803
Malicious code in bioql PyPI...
CVE-2023-2297 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...
WordPress Profile Builder 3.9.0 Missing Authorization
Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given ‘userid’. During this process, capability checks are not properly implemented to ensure that the user executing the function is authorized to...
WordPress Profile Builder 3.9.0 Missing Authorization Vulnerability
WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppbtoolboxusermetahandler. Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given...
Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover
Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners. They add features not available in WordPress Core that would otherwise require site owners to write their own code to extend functionality. However, these...
CVE-2023-0814 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
CVE-2023-0814
The CVE-2023-0814 issue affects the WordPress plugin Profile Builder – User Profile & User Registration Forms. Affected versions: up to and including 3.9.0. Root cause: the user_meta shortcode exposes sensitive user meta due to insufficient restrictions, enabling authenticated subscribers (or hig...
CVE-2023-0814 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
WordPress Profile Builder Plugin <= 3.9.0 is vulnerable to Sensitive Data Exposure
Software Profile Builder Type Plugin Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0814 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 43ad15dcf7ab Credits István Márton Required...