Profile Builder@* Security Vulnerabilities and Issues — Profile Builder@* CVE List

Lucene search

CozmoslabsProfile Builder*

3 matches found

CVE•added 2022/04/04 4:15 p.m.•75 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.9AI score0.00195EPSS

CVE•added 2022/02/24 7:15 p.m.•57 views

CVE-2022-0653

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

6.1CVSS5.9AI score0.0565EPSS

CVE•added 2022/10/11 8:15 p.m.•46 views

CVE-2021-36915

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin

4.3CVSS4.7AI score0.00119EPSS