CVE-2024-6708 Information

Description

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area which allows Admin+ users to perform Cross-Site Scripting attacks.

Reference

https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/