References: https://wpscan.com/blog/unauthenticated-privilege-escalation-in-profile-builder-plugin/
When registering a new user, add a space before the victim's email. For example (note the leading space):
" admin@email.com"
The vulnerability works because signup uses trim($request_data['email']) while autologin uses trim(sanitize_email($_POST['email'])), so the two code paths do not process the submitted email the same way.
If the frontend prevents it, you may need to change the email with Burp Suite or another proxy.
Prerequisites:
- registration enabled
- autologin enabled
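
One way to close the gap between the signup and autologin code paths described above, as an added example that is not Profile Builder's own code: the email is canonicalised once, rejected if sanitising would change it, and autologin uses the user ID returned by registration instead of re-reading the email from the request. It assumes a WordPress context; the `pb_example_*` function names are hypothetical.

```php
<?php
// Added example, not Profile Builder code. The pb_example_* names are hypothetical.
// Assumes it runs inside WordPress, which supplies the functions called below.

/** Canonicalise a submitted email once; WP_Error if sanitising would alter it. */
function pb_example_canonical_email( $raw ) {
    if ( ! is_string( $raw ) ) {
        return new WP_Error( 'invalid_email', 'Email must be a string.' );
    }
    $canonical = sanitize_email( $raw );
    // Reject rather than silently repair: a value that changes when sanitised
    // (a leading space, for instance) can mean different things to two code paths.
    if ( '' === $canonical || $canonical !== $raw || ! is_email( $canonical ) ) {
        return new WP_Error( 'invalid_email', 'Email is not in canonical form.' );
    }
    return $canonical;
}

/** Register, then log in the account that was just created. */
function pb_example_register_and_login( array $request ) {
    $request = wp_unslash( $request );
    $email   = pb_example_canonical_email( $request['email'] ?? null );
    if ( is_wp_error( $email ) ) {
        return $email;
    }
    if ( email_exists( $email ) ) {
        return new WP_Error( 'email_taken', 'That email is already registered.' );
    }
    $username = sanitize_user( (string) ( $request['username'] ?? '' ), true );
    $password = (string) ( $request['password'] ?? '' );
    if ( '' === $username || '' === $password ) {
        return new WP_Error( 'missing_field', 'Username and password are required.' );
    }
    $user_id = wp_create_user( $username, $password, $email );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Autologin is bound to the ID returned by registration. The email in the
    // request is never read or normalised a second time.
    wp_set_current_user( $user_id );
    wp_set_auth_cookie( $user_id );
    return $user_id;
}
```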