Profile Builder Security Vulnerabilities and Issues — Profile Builder CVE List

Lucene search

CozmoslabsProfile Builder

6 matches found

CVE•added 2022/02/24 7:15 p.m.•57 views

CVE-2022-0653

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

6.1CVSS5.9AI score0.21614EPSS

CVE•added 2023/02/14 2:15 a.m.•51 views

CVE-2023-0814

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...

6.5CVSS6.1AI score0.00316EPSS

CVE•added 2019/08/21 6:15 p.m.•36 views

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.

6.1CVSS6.1AI score0.0019EPSS

CVE•added 2019/08/21 6:15 p.m.•32 views

CVE-2015-9328

The profile-builder plugin before 2.2.5 for WordPress has XSS.

6.1CVSS6.4AI score0.0019EPSS

CVE•added 2017/10/06 2:29 p.m.•30 views

CVE-2014-8492

Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

6.1CVSS6.1AI score0.00152EPSS

CVE•added 2019/08/21 6:15 p.m.•23 views

CVE-2016-10911

The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.

6.1CVSS6.1AI score0.0019EPSS