32 matches found
EUVD-2015-9168
Malware in sbrugna...
EUVD-2014-8329
Malware in sbrugna...
EUVD-2016-1905
Malware in sbrugna...
WordPress Profile Builder Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-23603 · WordPress · Profile Builder
Name of the Vulnerable Software and Affected Versions: Profile Builder plugin for WordPress versions up to, and including, 3.13.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the user met...
WordPress plugin Profile Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2023-0814
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
CVE-2015-9328
The profile-builder plugin before 2.2.5 for WordPress has XSS...
WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability
Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...
CVE-2024-12738 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping...
VulnCheck KEV: CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto...
WordPress plugin Profile Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
CVE-2023-4059
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog...
CVE-2023-2297 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...
WordPress Profile Builder Plugin <= 3.9.0 is vulnerable to Sensitive Data Exposure
Software Profile Builder Type Plugin Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0814 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 43ad15dcf7ab Credits István Márton Required...
CVE-2021-36915 WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...
CVE-2021-36915 WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...
WordPress plugin Profile Builder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...