The Profile Builder WordPress plugin prior to 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cozmoslabs profile builder |