Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Profile Builder Plugin Flaw Exposes Sites

July 15, 2024
Reading Time: 2 mins read
in Alerts
Profile Builder Plugin Flaw Exposes Sites

A critical vulnerability has been identified in the Profile Builder and Profile Builder Pro plugins, which collectively have over 50,000 active installations. This flaw, discovered during a routine audit, allows unauthenticated attackers to escalate their privileges and gain administrative access to targeted WordPress sites without needing valid credentials. The vulnerability, tracked as CVE-2024-6695, has been assigned a severe CVSSv3.1 score of 9.8 and was patched on July 11, 2024, with the release of version 3.11.9 of the plugin.

The issue arises from inconsistencies in how the plugins handle user-provided email addresses during registration. The flaw in the email validation process allows attackers to exploit these inconsistencies, gaining unauthorized administrative access. The vulnerability involves several steps including email validation, automatic login with a subscriber role, and nonce verification, which collectively fail to properly secure the registration and login process.

The impact of this vulnerability is significant, as it can lead to full administrative control of affected websites. This could result in unauthorized actions, including data theft, site defacement, and further exploitation. Website administrators using the affected plugins are urged to update to the latest version to address this critical security issue.

A proof of concept for exploiting this vulnerability is scheduled for release on August 5, 2024. This will likely provide additional details on how the flaw operates and underscore the importance of maintaining up-to-date security practices. The discovery of such vulnerabilities highlights the ongoing need for vigilance and robust security measures in the WordPress ecosystem.

Reference:
  • Critical Flaw in Profile Builder Plugins Exposes 50,000 Sites
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsJuly 2024Profile BuilderVulnerabilitiesWordpress
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial