cleantalk
Vulnerabilities and Security Researches

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor, CVE-2023-6504

CVE, Research URL

CVE-2023-6504

Home page URL

Security reports for User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Application

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Published on
Jan 11, 2024
Research Description
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.
Affected versions
Min -, max 3.10.8.
Status
vulnerable
Previous vulnerability researches
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-12738) , Jan 09, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-6366) , Jul 30, 2024
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-2314) , Apr 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2022-0884) , Jun 06, 2024
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2014-10380) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025