Lucene search
PRIOn knowledge basePRION:CVE-2022-0653HistoryFeb 24, 2022 - 7:15 p.m.
Cross site scripting
2022-02-2419:15:00
PRIOn knowledge base
www.prio-n.com
6
0.002 Low
EPSS
Percentile
58.9%
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| profile_builder | le | 3.6.1 |
Related
wpexploit
wpexploit
Profile Builder < 3.6.2 - Reflected Cross-Site Scripting
2022-02-17 00:00:00
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2022-0653
2022-02-24 19:15:09
wpvulndb
wpvulndb
Profile Builder < 3.6.2 - Reflected Cross-Site Scripting
2022-02-17 00:00:00
nvd
nvd
CVE-2022-0653
2022-02-24 19:15:09
zdt
zdt
wordfence
wordfence
nuclei
nuclei
Wordpress Profile Builder Plugin Cross-Site Scripting
2022-02-24 11:33:20
cnvd
cnvd