A critical vulnerability has been identified in the Profile Builder and Profile Builder Pro plugins, which collectively have over 50,000 active installations. This flaw, discovered during a routine audit, allows unauthenticated attackers to escalate their privileges and gain administrative access to targeted WordPress sites without needing valid credentials. The vulnerability, tracked as CVE-2024-6695, has been assigned a severe CVSSv3.1 score of 9.8 and was patched on July 11, 2024, with the release of version 3.11.9 of the plugin.
The issue arises from inconsistencies in how the plugins handle user-provided email addresses during registration. The flaw in the email validation process allows attackers to exploit these inconsistencies, gaining unauthorized administrative access. The vulnerability involves several steps including email validation, automatic login with a subscriber role, and nonce verification, which collectively fail to properly secure the registration and login process.
The impact of this vulnerability is significant, as it can lead to full administrative control of affected websites. This could result in unauthorized actions, including data theft, site defacement, and further exploitation. Website administrators using the affected plugins are urged to update to the latest version to address this critical security issue.
A proof of concept for exploiting this vulnerability is scheduled for release on August 5, 2024. This will likely provide additional details on how the flaw operates and underscore the importance of maintaining up-to-date security practices. The discovery of such vulnerabilities highlights the ongoing need for vigilance and robust security measures in the WordPress ecosystem.