{“lastseen”:””,”description”:”The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \\u0026 User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb_save_avatar_value() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to reassign ownership of arbitrary posts and attachments by changing ‘post_author’.”,”published”:”2026-03-31T11:18:56.130Z”,”modified”:”2026-04-08T17:01:27.016Z”,”type”:”cve”,”title”:”User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \\u0026 User Role Editor \\u003c= 3.15.5 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field”,”source”:”Wordfence”,”references”:”https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/760f7736-db49-4210-a2f3-3abb506106d7?source=cve\\nhttps:\/\/plugins.trac.wordpress.org\/changeset\/3481772\/profile-builder”,”id”:”CVE-2026-3139″,”bulletinFamily”:””,”cwe”:[“CWE-639″],”cvelist”:null,”sourceData”:”cozmoslabs User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \\u0026 User Role Editor 0″,”sourceHref”:””,”cvss”:{“score”:4.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \\u0026 User Role Editor”,”version”:”0″,”vendor”:”cozmoslabs”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \\u0026 User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,123,12,21,13,7,11,5],"class_list":["post-44603","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-43","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n