CVE-2023-0814

MEDIUM

Profile Builder < 3.9.0 - Authenticated Sensitive Information Exposure via User Meta Shortcode

Title source: llm

Description

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited.

References (5)

Core 5

Core References

Patch

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329%40profile-builder&new=2864329%40profile-builder&sfp_email=&sfph_mail=

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a

https://www.wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a?source=cve

https://lana.codes/lanavdb/512e7307-04a5-4d8b-8f79-f75f37784a9f/

https://www.wordfence.com/blog/2023/03/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover/

Scores

CVSS v3 6.5

EPSS 0.0077

EPSS Percentile 50.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-863

Status published

Products (2)

cozmoslabs/profile_builder < 3.9.0

cozmoslabs/User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor < 3.9.0

Published Feb 14, 2023

Tracked Since Feb 18, 2026