The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-05T21:21:37.446Z
Updated: 2024-02-05T21:21:37.446Z
Reserved: 2024-01-08T15:36:02.001Z
Link: CVE-2024-0324
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-05T22:15:59.980
Modified: 2024-02-13T18:53:03.170
Link: CVE-2024-0324
JSON object: View
Redhat Information
No data.
CWE