Profile Builder Security Vulnerabilities and Issues — Profile Builder CVE List

Lucene search

CozmoslabsProfile Builder

3 matches found

CVE•added 2024/07/29 6:15 a.m.•85 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

9.1CVSS6.6AI score0.87395EPSS

CVE•added 2024/07/31 6:15 a.m.•52 views

CVE-2024-6695

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

9.8CVSS6.7AI score0.00296EPSS

CVE•added 2023/04/27 12:15 a.m.•35 views

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (w...

9.8CVSS7.1AI score0.00316EPSS