CVE-2024-6708

4.8 MEDIUM

📋 TL;DR

This vulnerability in the User Profile Builder WordPress plugin allows an authenticated administrator to store script in the plugin's admin pages; the script then executes in the browser of any other administrator who views the affected page. It is a stored cross-site scripting (XSS) issue confined to the administrative interface and affects WordPress sites running User Profile Builder versions before 3.12.2.

💻 Affected Systems

Products:
  • User Profile Builder WordPress Plugin
Versions: All versions before 3.12.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the User Profile Builder plugin active. Exploitation requires an administrator-level account (super admin on multisite). On a single-site install administrators normally hold the unfiltered_html capability and can already place arbitrary HTML in posts and widgets, so the practical significance is greatest where that capability has been removed (multisite, or DISALLOW_UNFILTERED_HTML set in wp-config.php) and the plugin's admin pages still let script through.

📦 What is this software?

User Profile Builder (published on wordpress.org under the slug profile-builder, by Cozmoslabs) adds front-end user registration, login and profile-editing forms to WordPress, together with user-role and settings screens in the admin area.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker holding an administrator account plants a payload that runs in the browser of every other administrator who opens the affected admin page. Because the script executes inside the victim's authenticated session, it can issue requests carrying the victim's nonces to create additional admin accounts, install or edit plugins and themes (including PHP backdoors), or change site settings, which amounts to complete site compromise. Direct theft of the login cookie is less likely, since WordPress sets its authentication cookies HttpOnly, but the script does not need the cookie to act as the victim.

🟠

Likely Case

A malicious or hijacked administrator account injects a script that fires for other administrators, who then unknowingly perform administrative actions on the attacker's behalf or leak data visible in the admin UI (nonces, API keys, user details) to an attacker-controlled endpoint.

🟢

If Mitigated

With administrator access limited to a small set of trusted, MFA-protected accounts, what remains is an insider risk or the fallout from a single compromised admin account. Note that the payload only buys the attacker something when a second administrator exists to be victimised; on a one-admin site the attacker already holds everything the script could reach.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative access to WordPress. The vulnerability is in the admin interface, making it accessible only to authenticated admin users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.12.2

Vendor Advisory: https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'User Profile Builder'.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 3.12.2 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Remove Admin Privileges from Untrusted Users

Platform: all

Limit administrator (and, on multisite, super admin) access to essential, trusted personnel. This does not remove the vulnerability, but it shrinks the set of accounts that can plant a payload, and an administrator account is exactly what an attacker must obtain to exploit it.

Disable Plugin Temporarily

Platform: linux

Deactivate the User Profile Builder plugin until it can be patched. Its wordpress.org slug is profile-builder (not user-profile-builder); confirm the slug on your install with wp plugin list before running:

wp plugin deactivate profile-builder

🧯 If You Can't Patch

  • Restrict administrator accounts to trusted staff, enforce strong authentication (MFA) on them, and review administrator activity and changes to plugin settings
  • Consider a WAF rule that blocks script tags and inline event-handler attributes in requests to wp-admin. Be aware that this can break legitimate administration (administrators routinely submit HTML) and that a WAF cannot remove a payload that is already stored; if compromise is suspected, inspect the plugin's stored settings for script directly

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins (on multisite, Network Admin → Plugins) → User Profile Builder version. If the version is below 3.12.2, the site is vulnerable.

Check Version:

wp plugin get profile-builder --field=version

(profile-builder is the plugin's wordpress.org slug. If WP-CLI reports that the plugin is not found, list the installed slugs with wp plugin list and use the one shown.)

Verify Fix Applied:

Confirm User Profile Builder plugin version is 3.12.2 or higher in WordPress admin panel.
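The version check as a script, added here as an example (it is not part of the advisory or the plugin vendor's tooling): it compares whatever version string WP-CLI reports against 3.12.2 using a proper version sort, so 3.12.10 is not mistaken for an old release, and it also reports whether administrators on this site are allowed unfiltered HTML, which tells you how much the fix changes in practice. WP_PATH and the profile-builder slug are assumptions to confirm on your install; the WP-CLI commands used (wp plugin get, wp eval) are standard ones.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin vendor: classify an
# installed User Profile Builder version against the fixed release 3.12.2.
# Assumptions: sort(1) supports -V; for the live check, WP-CLI is installed
# and the WordPress root is at WP_PATH (placeholder, adjust for your site).

FIXED_VERSION="3.12.2"
WP_PATH="${WP_PATH:-/var/www/html}"   # assumed location of the WordPress root

# Return 0 (true) when $1 sorts strictly below FIXED_VERSION, 1 when it is
# equal or newer, 2 when it is not a dotted numeric version at all.
# Version sort is used so that 3.12.10 is correctly treated as newer than 3.12.2.
is_vulnerable_version() {
    v="$1"
    printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*$' || return 2
    [ "$v" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Live check: read the installed version through WP-CLI and classify it.
# Prints one of: VULNERABLE <ver>, PATCHED <ver>, NOT_INSTALLED, NO_WPCLI.
check_installed_plugin() {
    command -v wp >/dev/null 2>&1 || { echo "NO_WPCLI"; return 3; }
    # "profile-builder" is the plugin's wordpress.org slug; confirm with `wp plugin list`.
    ver=$(wp --path="$WP_PATH" plugin get profile-builder --field=version 2>/dev/null) \
        || { echo "NOT_INSTALLED"; return 2; }
    if is_vulnerable_version "$ver"; then
        echo "VULNERABLE $ver"
        return 1
    fi
    echo "PATCHED $ver"
    return 0
}

# Context: can ordinary administrators on this site post unfiltered HTML?
# WordPress denies unfiltered_html when DISALLOW_UNFILTERED_HTML is set or,
# on multisite, to everyone but super admins. If it is "allowed", an admin
# could already inject script through posts and widgets regardless of this bug.
unfiltered_html_status() {
    command -v wp >/dev/null 2>&1 || { echo "NO_WPCLI"; return 3; }
    wp --path="$WP_PATH" eval \
        'echo (defined("DISALLOW_UNFILTERED_HTML") && DISALLOW_UNFILTERED_HTML) || is_multisite() ? "disallowed" : "allowed";'
}

status=0
check_installed_plugin || status=$?
echo "unfiltered_html for administrators: $(unfiltered_html_status || true)"
echo "exit status: $status"
```

Run it on the web host as the user that owns the WordPress files (WP-CLI refuses to run as root by default). A non-zero exit status means the plugin is vulnerable, absent, or WP-CLI is missing; the printed line says which.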

📡 Detection & Monitoring

Log Indicators:

  • Changes to the plugin's settings made from an administrator account at an unusual time, from a new IP address, or by an account that does not normally touch the plugin (an activity-log plugin or a ModSecurity audit log is needed for this; stock WordPress keeps no such log)
  • Script tags, javascript: URLs or inline event handlers (onload=, onerror=) in parameters submitted to wp-admin pages, or already present in the plugin's stored option values
  • Multiple failed login attempts followed by a successful administrator login, the usual precursor to a hijacked admin account being used for this kind of injection

Network Indicators:

  • HTTP requests carrying script payloads to admin-ajax.php or other wp-admin pages. A stored payload is normally submitted in a POST body, which standard access logs do not record; only a WAF, reverse proxy or application-level log that captures bodies will show the submission itself
  • Unexpected outbound connections from administrators' browsers while on wp-admin pages (for example to a domain the site does not otherwise use), which is what a successful payload exfiltrating data or loading a second stage looks like

SIEM Query:

Example in Splunk syntax over web server access logs. Field names assume the standard access_combined extraction; adjust the source and fields to your own environment, and remember that this only sees the URL, not POST bodies:

sourcetype=access_combined uri_path="/wp-admin/*" (uri_query="*<script*" OR uri_query="*%3Cscript*" OR uri_query="*javascript:*" OR uri_query="*onload=*" OR uri_query="*onerror=*")
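The same indicators as a working matcher, added as an example rather than anything from the advisory: it filters a combined-format access log down to wp-admin requests whose request line carries a raw or percent-encoded script or event-handler marker, and counts the hits. The log lines are constructed for illustration, not captured traffic. Because a stored payload usually travels in a POST body, expect this to catch reconnaissance and reflected attempts in URLs rather than the settings submission itself.

```shell
#!/bin/sh
# Added example, not from the advisory: flag admin-area requests in a
# combined-format web server access log whose request line carries XSS
# markers, raw or URL-encoded. The lines below are constructed for
# illustration; the third and fourth are the ones a responder should see.

SAMPLE_LOG='203.0.113.7 - admin [01/Jul/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=profile-builder-general-settings HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - admin [01/Jul/2024:10:00:09 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jul/2024:10:01:12 +0000] "GET /wp-admin/admin.php?page=profile-builder-general-settings&tab=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jul/2024:10:01:30 +0000] "POST /wp-admin/admin-ajax.php?action=test&cb=<img src=x onerror=alert(1)> HTTP/1.1" 200 20 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jul/2024:10:02:00 +0000] "GET /?s=javascript:alert(1) HTTP/1.1" 200 800 "-" "Mozilla/5.0"'

# XSS markers as they appear in a URL: "<script", "javascript:" and inline
# event handlers such as onerror=, each in raw or percent-encoded form.
# Matching is case-insensitive so %3c and %3C are both caught.
XSS_MARKERS='(<|%3C)script|javascript(:|%3A)|on(load|error|click|mouseover|focus)(=|%3D)'

# Read a log on stdin and print only admin-side requests whose request line
# matches XSS_MARKERS. Front-end hits (the fifth sample line) are excluded
# on purpose: they are a different, much noisier signal.
flag_admin_xss_requests() {
    grep -iE '"(GET|POST) /wp-admin/' | grep -iE "$XSS_MARKERS"
}

# Count flagged lines (stdin -> number), suitable for a cron alert threshold.
count_flagged() {
    flag_admin_xss_requests | wc -l | tr -d ' '
}

# Stand-alone run: show the flagged sample lines.
printf '%s\n' "$SAMPLE_LOG" | flag_admin_xss_requests
```

Note that the second sample line, the POST to options.php, is where a real settings submission lands and it is not flagged, because the body is not in the log. To find a payload that is already stored, query the options table directly, for example with wp db query "SELECT option_name FROM wp_options WHERE option_value LIKE '%<script%'" (table prefix wp_ assumed).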

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-6708
