CVSS 3.1 Score 4.3 of 10 (medium)


Published Sep 4, 2023
Updated: Nov 7, 2023
CWE ID 352
CWE ID 862


CVE-2023-4059 is a vulnerability that affects the Profile Builder WordPress plugin before version 3.9.8. This vulnerability allows unauthenticated users to create the register, log-in, and edit-profile pages on the blog using the plugin, as it lacks authorization and cross-site request forgery (CSRF) protection in its page creation function. The potential danger of this vulnerability is that it can be exploited by attackers to manipulate user registration and authentication processes, potentially leading to unauthorized access or account hijacking. Organizations using affected versions of the Profile Builder plugin should update to version 3.9.8 or later to remediate this vulnerability and enhance security.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4059 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options