Description
WordPress Plugin Profile Builder-User Profile & User Registration Forms is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain administrative access to the website. WordPress Plugin Profile Builder-User Profile & User Registration Forms version 3.4.8 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 3.4.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207
https://plugins.svn.wordpress.org/profile-builder/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2021-2356 Vulnerability (CVE-2021-2356)
WordPress Plugin Timeline Calendar SQL Injection (1.2)
WordPress Plugin DFD Reddcoin Tips Cross-Site Scripting (1.1.1)
WordPress Plugin Contact Form 7 Database Addon-CFDB7 Unspecified Vulnerability (1.2.5.3)
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)