WordPress Plugin Vulnerabilities

Profile Builder < 3.13.9 - Unauthenticated Content Spoofing

Description

The plugin is vulnerable to Content Spoofing. This makes it possible for unauthenticated attackers to spoof content.

Affects Plugins

Plugin icon
profile-builder
Fixed in 3.13.9

References

CVE
CVE-2025-49292
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8c8027-6340-40d7-b34a-34024d5b2d89

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
a5011cfe-2398-4feb-8b4c-c8949a878b33

Timeline

Publicly Published
2025-06-05 (about 11 months ago)
Added
2025-06-11 (about 11 months ago)
Last Updated
2025-06-11 (about 11 months ago)

Other

Published
Title
Published
2024-06-27
Title
WooCommerce < 9.0.0 - Shop Manager+ Content Injection
Published
2025-01-03
Title
Poll Maker < 5.5.5 - Unauthenticated HTML Injection
Published
2024-04-22
Title
Pricing Table by Supsystic < 1.9.13 - Admin+ Content Injection
Published
2023-10-03
Title
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin < 1.3.4 - Authenticated (Contributor+) Content Injection
Published
2024-06-03
Title
Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update