Really Simple Security logo

Log out
Get PRO

Latest

Authentication vulnerability in Profile Builder – User Profile & User Registration Forms 3.9.0

  • Severity: critical
  • Status: Fixed
  • Publication: February 13, 2023

The Profile Builder plugin for WordPress is vulnerable to an unauthorized password reset in versions 3.9.0 and earlier. This means that someone could gain access to an account on the website without permission. The plugin uses the plaintext value of a password reset key instead of a hashed value which makes it much easier to access. The vulnerability can be exploited using CVE-2023-0814 or another vulnerability

Detected in:

Profile Builder – User Profile & User Registration Forms fixed vulnerable versions: >= * <= 3.9.0
User Profile Builder – Beautiful User Registration Forms & User Profiles fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profile & User Role Editor fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.