CVE-2023-4059

Name of the Vulnerable Software and Affected Versions Profile Builder WordPress plugin versions prior to 3.9.8

Description The issue concerns a lack of authorization and CSRF protection in the page creation function of the plugin. This allows unauthenticated users to create specific pages, including register, log-in, and edit-profile pages, on the blog.

Recommendations For versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the page creation function until the update is applied.