Unrestricted Access Control in Profile-Builder Plugin for WordPress

Unrestricted Access Control in Profile-Builder Plugin for WordPress

CVE-2015-9337 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

Learn more about our Wordpress Pen Testing.