CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5639 – User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
https://notcve.org/view.php?id=CVE-2024-5639
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user. El complemento User Profile Picture para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 2.6.1 incluida a través de la función 'rest_api_change_profile_image' debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, actualicen la imagen de perfil de cualquier usuario. • https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L1122 https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L989 https://plugins.trac.wordpress.org/changeset/3105132 https://www.wordfence.com/threat-intel/vulnerabilities/id/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0324 – User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
https://notcve.org/view.php?id=CVE-2024-0324
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. El complemento User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'wppb_two_factor_authentication_settings_update' en todas las versiones hasta la 3.10.8 incluida. Esto hace posible que atacantes no autenticados habiliten o deshabiliten la funcionalidad 2FA presente en la versión Premium del complemento para roles de usuario arbitrarios. • https://github.com/kodaichodai/CVE-2024-0324 https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517 https://plugins.trac.wordpress.org/changeset/3022354 https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22140 – WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22140
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cozmoslabs Profile Builder Pro. Este problema afecta a Profile Builder Pro: desde n/a hasta 3.10.0. The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22142 – WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22142
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Scripting entre sitios') en Cozmoslabs Profile Builder Pro permite el XSS reflejado. Este problema afecta a Profile Builder Pro: desde n/a hasta 3.10.0. The Profile Builder Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22141 – WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22141
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Cozmoslabs Profile Builder Pro. Este problema afecta a Profile Builder Pro: desde n/a hasta 3.10.0. The Profile Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.10.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract a sensitive time-based one-time password (TOTP). • https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-totp-secret-key-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •