333 matches found
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Profile Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-23603 · WordPress · Profile Builder
Name of the Vulnerable Software and Affected Versions: Profile Builder plugin for WordPress versions up to, and including, 3.13.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the user met...
CVE-2024-22141
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-6366
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP...
CVE-2024-12738
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping...
CVE-2024-31341
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2...
CVE-2023-0814
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
CVE-2023-6504
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function in all versions up to, and including, 3.10.7. This makes it...
CVE-2023-47669
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
CVE-2014-10380
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...
CVE-2015-9328
The profile-builder plugin before 2.2.5 for WordPress has XSS...
WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability
Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...
CVE-2024-6708
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
CVE-2024-6708
CVE-2024-6708 affects the WordPress plugin User Profile Builder , with versions prior to 3.12.2. The root cause is insufficient sanitisation/escaping of parameters in content output in the admin area, enabling Admin+ users to perform Cross-Site Scripting (XSS). The known impact is stored XSS in a...
CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
WordPress plugin User Profile Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21490 · WordPress · User Profile Builder
Name of the Vulnerable Software and Affected Versions: The User Profile Builder WordPress plugin versions prior to 3.12.2 Description: The issue allows Admin+ users to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters before outputting its...