CVE-2023-4059: 
WordPress vulnerability analysis and mitigation

CVE-2023-4059 affects the Profile Builder WordPress plugin versions before 3.9.8. The vulnerability was discovered by researcher Mesh3l_911 and was publicly disclosed on August 9, 2023. The issue exists in the plugin's page creation functionality, which lacks proper authorization controls and CSRF protection (WPScan).

The vulnerability stems from missing authorization checks and Cross-Site Request Forgery (CSRF) protections in the page creation function. It has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and CWE-862 (Missing Authorization) (NVD).

When exploited, this vulnerability allows unauthenticated users to create specific pages on the WordPress site, including register, log-in, and edit-profile pages from the plugin. This unauthorized page creation capability could potentially impact the site's structure and user management functions (WPScan).

The vulnerability has been patched in Profile Builder version 3.9.8. Site administrators are strongly advised to update to this version or later to mitigate the security risk (WPScan).