The User Profile Builder plugin for WordPress has a security vulnerability that can be exploited by attackers with certain levels of access. This can result in harmful scripts being injected into pages that users access. This can only happen if the plugin’s GDPR Communication Preferences module is enabled and a specific field has been added to the user profile form.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
