Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Profile Builder Pro 3.3.3

  • Severity: high-risk
  • Status: Fixed
  • Publication: December 4, 2020

The Profile Builder/Profile Builder Pro plugins for WordPress have a vulnerability that allows unauthorized users to access sensitive information stored in the database. This vulnerability exists because the user supplied parameter is not properly escaped and the existing SQL query is not properly prepared, making it possible for malicious users to append additional SQL queries and extract sensitive information. This vulnerability affects all versions up to 3.3.2.

Detected in:

Profile Builder – User Profile & User Registration Forms fixed vulnerable versions: >= * < 3.3.3
Profile Builder Pro fixed vulnerable versions: >= * < 3.3.3
User Profile Builder – Beautiful User Registration Forms & User Profiles fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profile & User Role Editor fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.