CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•4 views

CVE-2026-42385

The CVE concerns WordPress Profile Builder Pro plugin, versions ≤ 3.15.0, with an Unauthenticated Cross Site Scripting (XSS) vulnerability. The issue affects the plugin’s handling of input in a way that allows an attacker without authentication to inject script resulting in client-side execution....

7.1CVSS5.1AI score

Cvelist•added yesterday•4 views

CVE-2026-42385 WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Profile Builder Pro = 3.15.0 versions...

7.1CVSS

Patchstack•added 2026/05/05 1:38 p.m.•10 views

WordPress Profile Builder Pro plugin <= 3.14.5 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by 0xbro in WordPress Plugin Profile Builder Pro versions = 3.14.5...

8.1CVSS5.8AI score0.00462EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7647

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

NVD•added 2026/05/02 6:16 a.m.•1 views

CVE-2026-7647

8.1CVSS0.00462EPSS

Cvelist•added 2026/05/02 5:29 a.m.•29 views

CVE-2026-7647 Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

8.1CVSS0.00462EPSS

ATTACKERKB•added 2026/05/02 5:29 a.m.•3 views

CVE-2026-7647

EUVD•added 2026/05/02 5:29 a.m.•3 views

Exploits0References6

EUVD-2026-26750

Vulnrichment•added 2026/05/02 5:29 a.m.•3 views

CVE-2026-7647 Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

CVE•added 2026/05/02 5:29 a.m.•9 views

CVE-2026-7647

Profile Builder Pro for WordPress (versions up to 3.14.5) is vulnerable to PHP Object Injection due to maybe_unserialize() on the attacker-controlled 'args' parameter in wppb_request_users_pins_action_callback(). The AJAX handler is registered for both authenticated and unauthenticated requests (...

CNNVD•added 2026/05/02 12:0 a.m.•4 views

WordPress plugin Profile Builder Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Positive Technologies•added 2026/05/02 12:0 a.m.•8 views

PT-2026-36582

Name of the Vulnerable Software and Affected Versions Profile Builder Pro versions prior to 3.14.6 Description The Profile Builder Pro plugin for WordPress is susceptible to PHP Object Injection. This occurs because the wppb request users pins action callback AJAX handler uses the maybe unseriali...

Patchstack•added 2026/04/27 1:40 p.m.•4 views

Exploits0References12

WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Profile Builder Pro versions = 3.15.0...

5.1AI score

Exploits0Affected Software1

RedhatCVE•added 2026/03/26 3:1 p.m.•2 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS5.6AI score0.00378EPSS

EUVD•added 2026/03/19 6:30 a.m.•5 views

EUVD-2026-13057

9.3CVSS5.8AI score0.00378EPSS

Exploits0References2

NVD•added 2026/03/19 6:16 a.m.•2 views

CVE-2026-27413

9.3CVSS0.00378EPSS