CVE 4.3 MEDIUM

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field_CVE-2026-3139

April 12, 2026 invoker category_cve
4.3 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb_save_avatar_value() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to reassign ownership of arbitrary posts and attachments by changing 'post_author'.

Basic Information

ID CVE-2026-3139
Source Wordfence
Published Mar 31, 2026 at 11:18
Modified Apr 8, 2026 at 17:01

Affected Product

Vendor cozmoslabs
Product User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Affected Versions cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor 0

CWE Classification

CWE-639

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.