Lucene search
+L

333 matches found

Patchstack
Patchstack
added 2026/03/31 11:58 p.m.5 views

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.15.5 - Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Post Author Reassignment via Avatar Field vulnerability discovered by type5afe in WordPress Plugin Profile...

4.3CVSS5.9AI score0.00171EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/31 12:31 p.m.8 views

EUVD-2026-17365

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 12:16 p.m.6 views

CVE-2026-3139

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 11:18 a.m.31 views

CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 11:18 a.m.1 views

CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:18 a.m.4 views

CVE-2026-3139

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.12 views

PT-2026-29224

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb save avatar value function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

WordPress plugin User Profile Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS5.6AI score0.00378EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 6:30 a.m.6 views

EUVD-2026-13057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9...

9.3CVSS5.8AI score0.00378EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 6:16 a.m.4 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 5:28 a.m.2 views

CVE-2026-27413 WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS5.9AI score0.00378EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:28 a.m.3 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS5.9AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 5:28 a.m.28 views

CVE-2026-27413 WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 5:28 a.m.19 views

CVE-2026-27413

CVE-2026-27413 is a SQL Injection vulnerability in the WordPress plugin Profile Builder Pro (the Profile Builder Pro component). The issue is described as an improper neutralization of special elements used in SQL commands, allowing Blind SQL Injection. Affected versions are Profile Builder Pro: ...

9.3CVSS5.6AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

WordPress plugin Profile Builder Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.9AI score0.00378EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26250

🔴 CVE-2026-27413 - Critical Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile ... https://t.co/OrD4pUzaav https://t.co/t4vSMOeqXj...

9.3CVSS5.9AI score0.00378EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/02/23 10:52 a.m.10 views

WordPress Profile Builder Pro plugin <= 3.13.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Profile Builder Pro versions = 3.13.9...

5.8AI score0.00378EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:18 a.m.18 views

CVE-2025-15030

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

9.8CVSS5.4AI score0.00487EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/02/03 6:32 a.m.8 views

WordPress User Profile Builder plugin < 3.15.2 - Unauthenticated Arbitrary Password Reset vulnerability

Unauthenticated Arbitrary Password Reset vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Profile Builder versions 3.15.2...

9.8CVSS5.3AI score0.00487EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder