WordPress Profile Builder Pro plugin <= 3.14.5 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by 0xbro in WordPress Plugin Profile Builder Pro versions = 3.14.5...

CVE-2026-7647

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

EUVD-2026-26750

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

PT-2026-36582

Name of the Vulnerable Software and Affected Versions Profile Builder Pro versions prior to 3.14.6 Description The Profile Builder Pro plugin for WordPress is susceptible to PHP Object Injection. This occurs because the wppb request users pins action callback AJAX handler uses the maybe unseriali...

WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Profile Builder Pro versions = 3.15.0...

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2026-27413 WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2026-27413 WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

WordPress plugin Profile Builder Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-19737

Malicious code in bioql PyPI...

CVE-2024-22140

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22140 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22140

CVE-2024-22140 is a Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro, affecting versions up to 3.10.0. Patch 3.10.1 fixes the issue. Public data from NVD/Red Hat indicate high impact (CVSS 3.1 base score 8.8). Patchstack documents unauthenticated exploitation lead...

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22141

CVE-2024-22141 affects Profile Builder Pro for WordPress (

CVE-2024-22141 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

PT-2024-19228 · Cozmoslabs · Profile Builder

Name of the Vulnerable Software and Affected Versions: Profile Builder Pro versions 3.10.0 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a vulnerability in Cozmoslabs Profile Builder Pro. Recommendations: For versions 3.10...