Profile Builder < 3.9.8 – Unauthenticated Plugin's Pages Creation | CVE 2023-4059 | Plugin Vulnerabilities

Description

The plugin lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

Proof of Concept

1. Access the URL: https://example.com/wp-admin/admin-post.php?page=profile-builder-basic-info&wppb_create_pages=true&wppb_force_create_pages=true 
2. As a logged in user, see that the pages `/register`, `/log-in`, and `/edit-profile` have been created.

Affects Plugins

profile-builder

Fixed in 3.9.8

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Mesh3l_911

Submitter

Mesh3l_911

Submitter website

https://mesh3l911.github.io/tabs/about/

Submitter twitter

Verified

Yes

WPVDB ID

fc719d12-2f58-4d1f-b696-0f937e706842

Timeline

Publicly Published

2023-08-09 (about 2 years ago)

Added

2023-08-09 (about 2 years ago)

Last Updated

2023-08-09 (about 2 years ago)

Other

Published

Title

Published

2024-10-11

Title

ImagePress - Image Gallery < 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update

Published

2025-06-05

Title

oik < 4.15.2 - Missing Authorization

Published

2025-06-05

Title

WordLift <= 3.54.5 - Missing Authorization

Published

2023-10-17

Title

Themify Ultra < 7.3.6 - Missing Authorization

Published

2025-09-22

Title

Ultimate Watermark < 1.1.1 - Missing Authorization