Authentication Vulnerability with WordPress Plugin Profile Builder < 3.1.1
https://wordpress.orgProfile Builder and Profile Builder Pro were affected by a broken authentication vulnerability, allowing unauthenticated users to register or edit their account and gain the Administrator role using the plugin’s forms. The free version of the plugin has over 50,000+ active installations.
The issue has been fixed in version 3.1.1. The vulnerability exists in the Plugin’s own generated Registration Form or Profile Edit Form, this means if the site is using the shortcode [wppb-register] or [wppb-edit-profile] then it is vulnerable. It’s highly recommended you update it if you have an older version.