CVE-2024-6695

Published: Jul 31, 2024Modified: Jan 2, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

Affected (1)

Products: Cozmoslabs: Profile Builder

Cozmoslabs

1 product

Profile Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cozmoslabs Profile Builder	Before 3.11.9

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.