Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Profile Builder – User Profile & User Registration Forms 2.5.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 10, 2017

The Profile Builder plugin for WordPress is not secure in versions before 2.5.8. If a user with high privileges uses the plugin, malicious code could be injected into pages. This code would execute each time someone visits the affected page, which could be used to cause harm to users or the website. To prevent this from happening, it is important to upgrade to the latest version of the plugin.

Detected in:

Profile Builder – User Profile & User Registration Forms fixed vulnerable versions: >= * < 2.5.8
User Profile Builder – Beautiful User Registration Forms & User Profiles fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profile & User Role Editor fixed vulnerable versions:
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.