Unrestricted Access Control in Profile-Builder Plugin for WordPress
CVE-2015-9337 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
Learn more about our Wordpress Pen Testing.