WordPress Plugin Vulnerabilities

Profile Builder < 3.9.1 - Subscriber+ Arbitrary User Meta Disclosure

Description

The plugin does not validate the meta values to be retrieved via its user_meta shortcode, which could allow any logged in users, such as subscriber to retrieve sensitive user meta when the user_meta shortcode is enabled

Affects Plugins

Plugin icon
profile-builder
Fixed in 3.9.1

References

CVE
CVE-2023-0814
URL
https://lana.codes/lanavdb/512e7307-04a5-4d8b-8f79-f75f37784a9f/
URL
https://www.wordfence.com/blog/2023/03/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
f8c6f9d8-3885-4eb3-b959-bc370b004983

Timeline

Publicly Published
2023-02-13 (about 3 years ago)
Added
2023-02-14 (about 3 years ago)
Last Updated
2023-04-27 (about 2 years ago)

Other

Published
Title
Published
2023-07-17
Title
Royal Elementor Addons < 1.3.71 - Unauthenticated API Key Disclosure
Published
2022-10-17
Title
WP < 6.0.3 - Content from Multipart Emails Leaked
Published
2022-03-22
Title
Ninja Forms < 3.6.8-wp - Unauthenticated Email Address Disclosure
Published
2025-12-29
Title
PopupKit <= 2.2.1 - Authenticated (Subscriber+) Information Exposure
Published
2024-07-11
Title
Olive One Click Demo Import <= 1.1.2 - Unauthenticated Information Exposure