Vulnerabilities

In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

WP User Switch by IqbalRony WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the admin’s username, which we can use to bypass authorization; we can then log in as any user from the user switch list.

ReviewX by WPDeveloper WordPress plugin Privilege Escalation

The plugin is affected by an Arbitrary Usermeta Update vulnerability, which leads to Privilege Escalation.

BuddyPress Social Connect by VibeThemes WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.

OTP Login/Signup Woocommerce by XootiX WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s phone number. Depending on whose phone number we know, we may even be given an administrator role on the website.

Profile Builder by Cozmoslabs WordPress plugin Privilege Escalation

The plugin is affected by an Insecure Password Reset Mechanism and a Sensitive Information Disclosure via Shortcode vulnerability, which together lead to Privilege Escalation. The plugin contains an improperly used method that makes it possible to reset a user’s password and gain unauthorized access. The key required for the password reset, which is stored in the database, can be retrieved with the plugin’s shortcode as an authenticated user.