3 matches found
CVE-2024-0324
CVE-2024-0324 affects the WordPress plugin User Profile Builder (Profile Builder) up to version 3.10.8. The root cause is a missing capability check in the wppb_two_factor_authentication_settings_update function, allowing unauthenticated attackers to enable/disable 2FA for arbitrary user roles in...
CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppbtwofactorauthenticationsettingsupdate' function in all versions up to, and including...
WordPress Profile Builder Plugin <= 3.10.8 is vulnerable to Broken Access Control
Software Profile Builder Type Plugin Vulnerable versions = 3.10.8 Fixed in 3.10.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0324 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID c4fb0e8879d0 Credits kodaichodai Required...