Security Advisory

CVE-2023-4059

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-04 11:26:55

Last updated 2025-03-06 16:06:23

Assigner WPScan

State PUBLISHED

Description

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

← Browse all CVEs View on cve.org ↗