Cozmoslabs Profile Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Cozmoslabs Profile Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2024-6695 — CVSS 9.8 (critical): it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform…
CVE-2023-2297 — CVSS 9.8 (critical): The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in…
CVE-2021-24527 — CVSS 9.8 (critical): The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of…
CVE-2024-6366 — CVSS 9.1 (critical): The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media…
CVE-2024-0324 — CVSS 8.2 (high): The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to…
CVE-2015-9337 — CVSS 7.5 (high): The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
CVE-2024-22142 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows…
CVE-2024-22141 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile…
CVE-2023-0814 — CVSS 6.5 (medium): The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via…
CVE-2014-8492 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for…
CVE-2022-0653 — CVSS 6.1 (medium): The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient…
CVE-2023-47669 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles &…
CVE-2022-0884 — CVSS 4.8 (medium): The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high…
CVE-2021-24448 — CVSS 4.8 (medium): The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default…
CVE-2024-6708 — CVSS 4.8 (medium): The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the…
CVE-2023-4059 — CVSS 4.3 (medium): The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated…
CVE-2023-6504 — CVSS 4.3 (medium): The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to…
CVE-2021-36915 — CVSS 4.2 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file…