Public Ticket #2323338
Vulnerability update for Profile Builder Pro


  • modoe212 started the conversation

    Hello. I have just received a warning that Pro Builder Pro needs an immediate update to version 3.1.1 because there is a reported flaw that allows an unauthenticated user to gain administrator privileges.

    WordPress observed that “Tonyredball” (a new threat) exploits the administrator registration vulnerability in “Profile Builder” via requests that contain the username, email, and other profile details of the new administrator account.

    Kindly requesting an update of the plugin at the earliest.

  • modoe212 replied

    Here is a link to the change log https://www.cozmoslabs.com/docs/profile-builder-2/profile-builder-changelogs/profile-builder-pro-full-changelog/

    Would an update be possible? If so, how soon? Was there any customization done to the current version of Pro Builder that comes bundled with your plugin, and is there any risk to the overall plugin if I were to go ahead and purchase the pro version and install that instead?

  • Lee replied

    Hello there,

    We actually don't have anything to do with that plugin, nor is it bundled with WP Contacts. Maybe it came with your theme? Check that and reach out to them or the author of the plugin to get an update on it.

    Thank you!

  • modoe212 replied

    Dear Lee,

    I am terribly sorry for the inconvenience caused. I genuinely thought that it was bundled worried about it. 

    Thank you for the time and, again, apologies for raising unneeded concerns.

    Kind regards,


  • Lee replied

    No problem at all, Mo. It's hard to track what's bundled with different items; we all have a hard time keeping up with that!