4 matches found
CVE-2025-4671
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Profile Builder plugin <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via usermeta and compare Shortcodes vulnerability discovered by muhammad yudha in WordPress Plugin Profile Builder versions = 3.13.8...
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...