CVE-2024-22141: 
WordPress vulnerability analysis and mitigation

CVE-2024-22141 is a sensitive information exposure vulnerability affecting Cozmoslabs Profile Builder Pro WordPress plugin through version 3.10.0. The vulnerability was discovered by Dave Jong from Patchstack and was initially disclosed on January 10, 2024 (Patchstack Advisory).

The vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It has received a CVSS v3.1 base score of 7.5 HIGH from NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Patchstack assigned a CVSS score of 6.5 MEDIUM with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow a malicious actor to view sensitive information that is normally not available to regular users. This exposed information could potentially be used to exploit other weaknesses in the system (Patchstack Advisory).

The vulnerability has been fixed in version 3.10.1 of Profile Builder Pro. Users are advised to update to this version or later to resolve the vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack Advisory).