CVE-2023-6504Authorization Bypass Through User-Controlled Key in Profile Builder

CWE-639Authorization Bypass Through User-Controlled KeyCWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cozmoslabs Profile Builder
Timeline
PublishedJan 11

Description

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

Patches

Patch: plugins.trac.wordpress.orgPatch: plugins.trac.wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-j7h7-7c79-56qf: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized acce2024-01-11
CVEList
Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode2024-01-11
CVE-2023-6504 — Profile Builder vulnerability | cvebase