3 matches found
CVE-2022-0653 Profile Builder – User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...
Reflected Cross-Site Scripting Vulnerability Patched in WordPress Profile Builder Plugin
On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes ...
WordPress Cozmoslabs Profile Builder 3.6.1 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes it possible for an...