First published: Mon Feb 05 2024
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cozmoslabs Profile Builder | <=3.10.8 | |
CVE-2024-0324 has a high severity due to the potential for unauthorized modification of user data.
To fix CVE-2024-0324, update the User Profile Builder plugin to the latest version that includes capability checks.
CVE-2024-0324 affects all versions of the User Profile Builder plugin up to and including 3.10.8.
CVE-2024-0324 is a data modification vulnerability caused by a missing capability check.
CVE-2024-0324 can lead to data breaches if attackers exploit the unauthorized data modification capability.
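The kind of capability check the description says was missing, shown as an added example for a generic WordPress AJAX settings handler. This is not Profile Builder's code: the action name, the option key and the `example_*` function are hypothetical, and the page does not say how the real function is registered.

```php
<?php
// Added illustration, not Profile Builder's code. The action name, option key
// and example_* function name are hypothetical.

// Register only the logged-in hook. A matching wp_ajax_nopriv_* hook would make
// the handler reachable without a session. Note that wp_ajax_* still fires for
// every logged-in user, including subscribers, so the check below is required.
add_action( 'wp_ajax_example_2fa_settings_update', 'example_2fa_settings_update' );

function example_2fa_settings_update() {
    // 1. Authorization: only users who may manage site options can proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF protection: a nonce proves intent, not privilege, so it
    //    complements the capability check and never replaces it.
    //    check_ajax_referer() terminates the request if the nonce is invalid.
    check_ajax_referer( 'example_2fa_settings_update', 'nonce' );

    // 3. Input validation: keep only role slugs that exist on this site.
    $requested = isset( $_POST['roles'] ) ? (array) wp_unslash( $_POST['roles'] ) : array();
    $roles     = array();
    foreach ( $requested as $role ) {
        if ( ! is_string( $role ) ) {
            continue; // reject nested arrays and other non-string values
        }
        $role = sanitize_key( $role );
        if ( wp_roles()->is_role( $role ) ) {
            $roles[] = $role;
        }
    }
    $roles = array_values( array_unique( $roles ) );

    // 4. Persist the per-role 2FA setting only after all checks have passed.
    update_option( 'example_2fa_enabled_roles', $roles );
    wp_send_json_success( array( 'roles' => $roles ) );
}
```

When reviewing a plugin for this class of bug, look for state-changing callbacks hooked to `wp_ajax_*`, `wp_ajax_nopriv_*` or `admin_init` that call `update_option()` without a preceding `current_user_can()`.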