Profile Builder@* Security Vulnerabilities and Issues — Profile Builder@* CVE List

Lucene search

CozmoslabsProfile Builder*

11 matches found

CVE•added 2024/07/29 6:15 a.m.•92 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

9.1CVSS6.6AI score0.91198EPSS

CVE•added 2022/04/04 4:15 p.m.•76 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.9AI score0.00195EPSS

CVE•added 2023/11/13 2:15 a.m.•45 views

CVE-2023-47669

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin

8.8CVSS7AI score0.00051EPSS

CVE•added 2021/08/16 11:15 a.m.•44 views

CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such cha...

10CVSS9.7AI score0.00529EPSS

Web

CVE•added 2023/09/04 12:15 p.m.•41 views

CVE-2023-4059

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

4.3CVSS5AI score0.00134EPSS

CVE•added 2021/08/02 11:15 a.m.•39 views

CVE-2021-24448

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an authe...

4.8CVSS4.7AI score0.00283EPSS

Web

CVE•added 2019/08/21 6:15 p.m.•37 views

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.

6.1CVSS6.1AI score0.0019EPSS

CVE•added 2019/08/22 2:15 p.m.•35 views

CVE-2015-9337

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

7.5CVSS7.6AI score0.00213EPSS

CVE•added 2019/08/21 6:15 p.m.•33 views

CVE-2015-9328

The profile-builder plugin before 2.2.5 for WordPress has XSS.

6.1CVSS6.4AI score0.0019EPSS

CVE•added 2019/08/21 6:15 p.m.•24 views

CVE-2016-10911

The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.

6.1CVSS6.1AI score0.0019EPSS

CVE•added 2025/05/15 8:15 p.m.•18 views

CVE-2024-6708

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.

4.8CVSS6.1AI score0.00062EPSS