Lucene search
+L

333 matches found

Vulnrichment
Vulnrichment
added 2025/06/03 11:22 a.m.14 views

CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/03 11:22 a.m.17 views

CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.3 views

WordPress plugin Profile Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

6.4CVSS6AI score0.00238EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.7 views

PT-2025-23603 · WordPress · Profile Builder

Name of the Vulnerable Software and Affected Versions: Profile Builder plugin for WordPress versions up to, and including, 3.13.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the user met...

6.4CVSS5.7AI score0.00238EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.9 views

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

7.5CVSS7.8AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.23 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP...

9.1CVSS6.8AI score0.28993EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.5 views

CVE-2024-12738

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping...

6.1CVSS6.1AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.9 views

CVE-2024-31341

Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2...

5.3CVSS6.8AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.12 views

CVE-2023-0814

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...

6.5CVSS5.7AI score0.00769EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.9 views

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function in all versions up to, and including, 3.10.7. This makes it...

4.3CVSS6AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:8 a.m.10 views

CVE-2023-47669

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

8.8CVSS7.1AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:14 a.m.7 views

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

6.1CVSS6.2AI score0.00913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:52 a.m.7 views

CVE-2015-9328

The profile-builder plugin before 2.2.5 for WordPress has XSS...

6.1CVSS7.1AI score0.00913EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 1:46 a.m.12 views

WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability

Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...

4.8CVSS6.1AI score0.00315EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-6708

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.29 views

CVE-2024-6708

CVE-2024-6708 affects the WordPress plugin User Profile Builder , with versions prior to 3.12.2. The root cause is insufficient sanitisation/escaping of parameters in content output in the admin area, enabling Admin+ users to perform Cross-Site Scripting (XSS). The known impact is stored XSS in a...

4.8CVSS6.1AI score0.00315EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.9 views

CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

5.2AI score0.00315EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.31 views

CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

0.00315EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WordPress plugin User Profile Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS4.9AI score0.00315EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21490 · WordPress · User Profile Builder

Name of the Vulnerable Software and Affected Versions: The User Profile Builder WordPress plugin versions prior to 3.12.2 Description: The issue allows Admin+ users to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters before outputting its...

4.8CVSS4.8AI score0.00315EPSS
Exploits1References5
Rows per page
Query Builder