Profile Builder Security Vulnerabilities and Issues — Profile Builder CVE List

Lucene search

CozmoslabsProfile Builder

6 matches found

CVE•added 2024/07/29 6:15 a.m.•92 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

9.1CVSS6.6AI score0.91198EPSS

CVE•added 2024/02/05 10:15 p.m.•49 views

CVE-2024-0324

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and includ...

8.2CVSS7.5AI score0.4596EPSS

CVE•added 2024/01/31 2:15 p.m.•38 views

CVE-2024-22140

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

8.8CVSS8.6AI score0.00126EPSS

CVE•added 2024/01/11 9:15 a.m.•33 views

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes i...

4.3CVSS4.4AI score0.00176EPSS

CVE•added 2024/01/24 3:15 p.m.•32 views

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

7.5CVSS7.6AI score0.00233EPSS

CVE•added 2024/01/13 12:15 a.m.•32 views

CVE-2024-22142

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.

7.1CVSS6.5AI score0.0007EPSS