The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:33:08.576Z
Updated: 2024-01-11T08:33:08.576Z
Reserved: 2023-12-04T19:37:21.737Z
Link: CVE-2023-6504
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-11T09:15:48.710
Modified: 2024-01-17T20:32:01.283
Link: CVE-2023-6504
JSON object: View
Redhat Information
No data.
CWE