Back
WordPress Profile Builder Pro premium plugin <= 3.3.2 - Authenticated Blind SQL Injection (SQLi) vulnerability
- Product
- Profile Builder Pro
- Description
- Authenticated Blind SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress Profile Builder Pro premium plugin (versions <= 3.3.2).
- Solution
- Update the WordPress Profile Builder Pro premium plugin to the latest available version (at least 3.3.3).
- Classification
-
Type SQL Injection
OWASP Top 10 A1: Injection
- References
-
Plugin changelog
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 3.3.2
Fixed In 3.3.3
- Disclosure date
- 2020-12-02
- Credits
- Lenon Leite