CVE-2024-6695
profile-builder <= 3.11.8 - Unauthenticated Privilege Escalationit's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.
We have discovered 5,896 live websites that are affected by CVE-2024-6695.
Affected Software
| Product |  Profile Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,896 live websites (42% of Profile Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 167 versions ( 84% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Jul 31, 2024
- Updated - Jul 31, 2024
Credits
- John Castro (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-6695 United States | 1,867 websites |
 Italy | 490 websites |
 Germany | 440 websites |
 Russia | 289 websites |
 France | 287 websites |
 GB | 286 websites |
 Spain | 175 websites |
 Netherlands | 164 websites |
 Canada | 151 websites |
 Australia | 121 websites |
Website Distribution by TLD
Number of websites using CVE-2024-6695| .com | 2,411 websites |
| .org | 395 websites |
| .it | 347 websites |
| .ru | 237 websites |
| .de | 182 websites |
| .co.uk | 157 websites |
| .nl | 130 websites |
| .net | 122 websites |
| .fr | 110 websites |
| .com.br | 104 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6695
Top websites that are affected by CVE-2024-6695. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *,*** | |
| ***********.com | United States | **,*** | |
| ********.dk |  Denmark | **,*** | |
| ***********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| ************************.org | United States | **,*** |
FAQ
CVE-2024-6695 is Improper Authentication in Profile Builder
A total of 5,896 websites have been identified as vulnerable to CVE-2024-6695, based on global website indexing conducted by WebTechSurvey.
The Profile Builder is affected by the CVE-2024-6695 vulnerability.
Profile Builder versions up to 3.11.9 are vulnerable to CVE-2024-6695.
CVE-2024-6695 is resolved in version 3.11.9 of Profile Builder.