Wordpress Profile Builder Plugin Cross-Site Scripting

The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2025-68514

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

PT-2026-21088

Name of the Vulnerable Software and Affected Versions Cozmoslabs Paid Member Subscriptions versions n/a through 2.16.8 Description An authorization bypass exists due to incorrectly configured access control security levels in Cozmoslabs Paid Member Subscriptions. The issue allows exploitation...

CVE-2023-25968

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin = 1.1.8 versions...

CVE-2025-66074

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through = 3.3.8...

CVE-2025-66074

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through = 3.3.8...

EUVD-2025-204050

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through = 3.3.8...

CVE-2025-66074

CVE-2025-66074 (WP Webhooks) is a real vulnerability in the WP Webhooks plugin by Cozmoslabs, allowing unauthenticated arbitrary file upload via path traversal in the wp-webhooks endpoint. Affected versions are WP Webhooks

PT-2025-52195

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through = 3.3.8...

CVE-2025-66073

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...

EUVD-2025-198470

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...

CVE-2025-66073

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...

PT-2025-47746

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...

CVE-2025-58592

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through = 2.10.2...

EUVD-2021-23491

Malware in sbrugna...

EUVD-2025-26566

Malicious code in bioql PyPI...

EUVD-2024-19737

Malicious code in bioql PyPI...

EUVD-2024-30515

Malicious code in bioql PyPI...