Vulnerability in Profile Builder plugin 2.4.0 and older

Wordfence Security Researcher Panagiotis Vagenas recently discovered a privilege escalation vulnerability in the Profile Builder WordPress plugin, which has over 40,000 active installs according to wordpress.org. We shared the details of the vulnerability with the author yesterday and added a firewall rule to our Threat Defense Feed. The author released version 2.4.1 today which fixes the vulnerability.

The privilege escalation vulnerability allows an attacker who holds a low-privilege WordPress role such as Subscriber to elevate that account to Administrator, giving them full control of the site. It only affects sites that have user registration enabled, but since the plugin's functionality is built around registration, it is likely that the majority of sites running the plugin are affected.

CVSS Severity: 8.8 (High)

What to do
Premium Wordfence customers with the firewall enabled are already protected by the firewall rule we added yesterday morning. Free Wordfence users running the Profile Builder plugin should upgrade to version 2.4.1 immediately; they will receive the rule protecting against this vulnerability on August 5th. In either case, it is worth confirming the installed plugin version and reviewing which accounts currently hold the Administrator role, since a successful escalation leaves an extra administrator behind.
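The following audit helper is an added example and is not code from the original post or from the Profile Builder plugin. It checks whether an installed Profile Builder version falls in the affected range (2.4.0 and older, fixed in 2.4.1) using a proper numeric version comparison, and lists Administrator accounts that are not on a known-good allowlist. The sample user list is constructed and assumes the JSON shape produced by `wp user list --format=json` (a `roles` field holding a comma-separated string); the allowlist is hypothetical.

```python
"""Post-advisory checks for Profile Builder <= 2.4.0 (fixed in 2.4.1).

Two checks a site owner would run after reading the advisory:
  1. Is the installed plugin version still in the affected range?
  2. Which Administrator accounts are not ones we know about?
"""
import json

FIXED_VERSION = "2.4.1"  # first release that fixes the privilege escalation


def parse_version(version: str) -> tuple:
    """Turn '2.4.0' into (2, 4, 0). Non-numeric suffixes (e.g. '2.4.1-beta')
    are dropped so a string compare like '2.10' < '2.4' cannot mislead us."""
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed, comparing component by component and
    padding the shorter tuple with zeros so '2.4' == '2.4.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Constructed sample approximating `wp user list --format=json` output.
# 'newuser' registered recently and holds Administrator without being known.
SAMPLE_USERS_JSON = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
     "user_registered": "2015-01-10 09:00:00", "roles": "administrator"},
    {"ID": 2, "user_login": "editor1", "user_email": "ed@example.test",
     "user_registered": "2015-03-02 12:30:00", "roles": "editor"},
    {"ID": 3, "user_login": "newuser", "user_email": "nu@example.test",
     "user_registered": "2016-08-01 22:14:05", "roles": "subscriber,administrator"},
])


def unexpected_admins(users_json: str, known_admins: set) -> list:
    """Return logins that hold the Administrator role but are not on the
    allowlist. A Subscriber escalated by the bug would appear here."""
    users = json.loads(users_json)
    flagged = []
    for user in users:
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if "administrator" in roles and user["user_login"] not in known_admins:
            flagged.append(user["user_login"])
    return flagged


def audit(installed_version: str, users_json: str, known_admins: set) -> dict:
    """Combine both checks into one report."""
    return {
        "plugin_vulnerable": is_vulnerable(installed_version),
        "unexpected_admins": unexpected_admins(users_json, known_admins),
    }


if __name__ == "__main__":
    # KNOWN_ADMINS is a hypothetical allowlist a site owner would maintain.
    KNOWN_ADMINS = {"siteowner"}
    print(audit("2.4.0", SAMPLE_USERS_JSON, KNOWN_ADMINS))
```

Feed `audit()` the version reported by `wp plugin get profile-builder --field=version` and the output of `wp user list --format=json`; any login returned in `unexpected_admins` should be investigated and demoted before or immediately after upgrading, since the upgrade closes the hole but does not undo an escalation that already happened.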


Comments

3 Comments
  • Does this vulnerability extend to their Pro version?

    • Hi John, the Pro version appears to be a separate plugin but I would check with the Cozmoslabs support team just to be safe.

  • Thanks for always informing about security issues. I have just bought your premium service for my most important sites.