CVE-2023-4059: Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation
First published: Mon Sep 04 2023(Updated: )
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cozmoslabs Profile Builder | <3.9.8 | |
| <3.9.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2023-4059.
What is the affected software for this vulnerability?
The affected software is the Profile Builder WordPress plugin before version 3.9.8.
What is the severity rating of CVE-2023-4059?
The severity rating of CVE-2023-4059 is medium with a score of 4.3.
What is the vulnerability description of CVE-2023-4059?
The Profile Builder WordPress plugin before 3.9.8 lacks authorization and CSRF in its page creation function, allowing unauthenticated users to create the register, log-in, and edit-profile pages from the plugin on the blog.
How can I fix CVE-2023-4059?
To fix CVE-2023-4059, it is recommended to update the Profile Builder WordPress plugin to version 3.9.8 or later.
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/cozmoslabs
- canonical/cozmoslabs profile builder