);         if (isset($request_data[’email’]) && !is_email(trim($request_data[’email’]))) {            return __(‘The email you entered is not a valid email address.’, ‘profile-builder’);        }         $users = $wpdb->get_results($wpdb->prepare(“SELECT * FROM {$wpdb->users} WHERE user_email = %s”, $request_data[’email’]));         if (!empty($users)) { //register again            if ($form_location == ‘register’)                return __(‘This email is already in use.’, ‘profile-builder’) . ” . __(‘Please try a different one!’, ‘profile-builder’);        }    }}

Here’s a brief overview of the process:

Email Validation: The plugin validates the email address provided during registration to ensure it is not already in use and is a valid email format.

Automatic Login: The user is automatically logged in with a subscriber role after successful registration. This process involves generating a security nonce and retrieving the user object using the email address.

Nonce Verification: The plugin then uses the generated nonce and user ID to log the user in with the corresponding privileges automatically.

The vulnerability arises from the lack of consistency in handling the user-provided email information at various stages of this process. This inconsistency allows attackers to manipulate the registration process and gain administrative access.

Impact and Mitigation

The implications of this vulnerability are severe, as it allows attackers to perform unauthorized actions with administrative privileges. This could lead to the complete compromise of affected websites, including data theft, defacement, and further exploitation.

Website administrators using the Profile Builder and Profile Builder Pro plugins are strongly advised to update to version 3.11.9 immediately to mitigate the risk.

The update addresses the vulnerability by consistently handling user-provided email information and enhancing security checks during registration.

A proof of concept demonstrating the exploitation of this vulnerability is scheduled to be released on August 5th, 2024.

This release will likely provide further insights into the flaw’s mechanics and underscore the importance of timely updates and robust security practices.

As the WordPress ecosystem grows, the discovery of such vulnerabilities highlights the need for continuous vigilance and proactive security measures to protect websites and their users from emerging threats.

“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo”]