CVE-2023-4059
Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
We have discovered 56 live websites that are affected by CVE-2023-4059.
Affected Software
| Product |  Profile Builder |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 52 |
| Vulnerable Domains | 56 live websites (25.57% of Profile Builder install base) |
Details
- Published - Sep 4, 2023
- Updated - Sep 4, 2023
Credits
- Mesh3l_911 (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 20 websites |
 GB | 6 websites |
 Spain | 4 websites |
 Italy | 4 websites |
 Germany | 3 websites |
 Brazil | 2 websites |
 France | 2 websites |
 Austria | 1 websites |
 Australia | 1 websites |
 Belgium | 1 websites |
TLDs
| .com | 18 websites |
| .org | 13 websites |
| .co.uk | 2 websites |
| .com.br | 2 websites |
| .de | 2 websites |
| .es | 2 websites |
| .it | 2 websites |
| .at | 1 websites |
| .be | 1 websites |
| .co | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4059
Top websites that are affected by CVE-2023-4059. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.co |  Canada | **,*** | |
| ***************.org | United States | ***,*** | |
| ***.******.org | United States | ***,*** | |
| *******.org | Spain | ***,*** | |
| ********************.com | United States | ***,*** | |
| ***********.com | GB | ***,*** | |
| ***.*********.org | United States | ***,*** | |
| ***.************.org | United States | ***,*** | |
| ***.*************.de | Germany | ***,*** | |
| ************.org | Germany | ***,*** |