Hello. I have just received a warning that Pro Builder Pro needs an immediate update to version 3.1.1 because there is a reported flaw that allows an unauthenticated user to gain administrator privileges.
WordPress observed that “Tonyredball” (a new threat) exploits the administrator registration vulnerability in “Profile Builder” via requests that contain the username, email, and other profile details of the new administrator account.
Kindly requesting an update of the plugin at the earliest.
Here is a link to the change log https://www.cozmoslabs.com/docs/profile-builder-2/profile-builder-changelogs/profile-builder-pro-full-changelog/
Would an update be possible? if so, how soon? Was there any customization done to the current version of Pro Builder that comes bundled with your plugin and is there any risk to the overall plugin if I were to go ahead and purchase the pro version and install that instead?
We actually don't have anything to do with that plugin, nor is it bundled with WP Contacts. Maybe it came with your theme? Check that and reach out to them or the author of the plugin to get an update on it.
I am terribly sorry for the inconvenience caused. I genuinely thought that it was bundled worried about it.
Thank you for the time and again, apologies for raising unneeded concerns.
No problem at all Mo it's hard to track what's bundled with different items, we all have a hard time keeping up with that!