Vulnerability in Profile Builder plugin 2.4.0 and older
This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 7, 2016 by Dan Moen 3 Replies
Wordfence Security Researcher Panagiotis Vagenas recently discovered a privilege escalation vulnerability in the Profile Builder WordPress plugin, which has over 40,000 active installs according to wordpress.org. We shared the details of the vulnerability with the author yesterday and added a firewall rule to our Threat Defense Feed. The author released version 2.4.1 today which fixes the vulnerability.
The privilege escalation vulnerability allows an attacker to elevate the privileges of low level WordPress user roles such as Subscriber, to Administrator, giving them full control of the website. This vulnerability only impacts websites that have registration enabled, but given that the plugin functionality is directly related to registration it is likely that the majority of websites with the plugin installed are effected.
CVSS Severity: 8.8 (High)
What to do
Premium Wordfence customers that have the firewall enabled are already protected by the firewall rule we added yesterday morning. Free Wordfence users running the Profile Builder plugin should upgrade to version 2.4.1 immediately, and will receive a rule to protect against this vulnerability on August 5th.