CVE-2024-6708

Name of the Vulnerable Software and Affected Versions: The User Profile Builder WordPress plugin versions prior to 3.12.2

Description: The issue allows Admin+ users to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters before outputting its content on the admin area.

Recommendations: For versions prior to 3.12.2, update to version 3.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin area to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved.