Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

On Tuesday, February 7th, 2023, prominent WordPress vulnerability researcher István Márton, also known as Lana Codes, reached out to the Wordfence Threat Intelligence team to responsibly disclose an information disclosure vulnerability in Cozmolabs Profile Builder, a WordPress plugin designed to enhance the user profile and registration experience with a reported 60,000+ active installations. If exploited, this vulnerability allows threat actors to gain elevated privileges by taking over arbitrary accounts.

[lees verder bij WordFence]

14-03-2023 Deel
Deze website is gemaakt met Websitemachine.nl