Profile Builder < 3.9.8 – Unauthenticated Plugin's Pages Creation | CVE 2023-4059 | Plugin Vulnerabilities

Description

The plugin lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

Proof of Concept

1. Access the URL: https://example.com/wp-admin/admin-post.php?page=profile-builder-basic-info&wppb_create_pages=true&wppb_force_create_pages=true 
2. As a logged in user, see that the pages `/register`, `/log-in`, and `/edit-profile` have been created.

Affects Plugins

profile-builder

Fixed in 3.9.8

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Mesh3l_911

Submitter

Mesh3l_911

Submitter website

https://mesh3l911.github.io/tabs/about/

Submitter twitter

Verified

Yes

WPVDB ID

fc719d12-2f58-4d1f-b696-0f937e706842

Timeline

Publicly Published

2023-08-09 (about 9 months ago)

Added

2023-08-09 (about 9 months ago)

Last Updated

2023-08-09 (about 9 months ago)

Other

Published

Title

Published

2023-07-17

Title

ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification

Published

2022-05-23

Title

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

Published

2024-03-28

Title

YITH WooCommerce Account Funds Premium < 1.34.0 - Missing Authorization

Published

2022-09-12

Title

Photospace Gallery <= 2.3.5 - Subscriber+ Arbitrary Settings Update

Published

2024-02-14

Title

EventPrime – Events Calendar, Bookings and Tickets < 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval