Cozmoslabs

Profile Builder

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-49292

  • EPSS 0.07%
  • Veröffentlicht 06.06.2025 12:53:45
  • Zuletzt bearbeitet 06.06.2025 14:06:58

Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8.

4.8

CVE-2024-6708

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:55
  • Zuletzt bearbeitet 04.06.2025 20:09:28

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.

9.8

CVE-2024-6695

Exploit
  • EPSS 1.08%
  • Veröffentlicht 31.07.2024 06:15:04
  • Zuletzt bearbeitet 02.01.2026 20:18:13

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

9.1

CVE-2024-6366

Exploit
  • EPSS 91.98%
  • Veröffentlicht 29.07.2024 06:15:02
  • Zuletzt bearbeitet 30.05.2025 16:55:36

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

5.3

CVE-2024-31341

  • EPSS 0.12%
  • Veröffentlicht 17.05.2024 09:15:35
  • Zuletzt bearbeitet 21.11.2024 09:13:19

Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2.

7.5

CVE-2024-0324

  • EPSS 45.96%
  • Veröffentlicht 05.02.2024 22:15:59
  • Zuletzt bearbeitet 15.05.2025 20:15:31

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_u...

8.8

CVE-2024-22140

  • EPSS 0.13%
  • Veröffentlicht 31.01.2024 14:15:49
  • Zuletzt bearbeitet 21.11.2024 08:55:39

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

7.5

CVE-2024-22141

  • EPSS 0.23%
  • Veröffentlicht 24.01.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:55:40

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

6.1

CVE-2024-22142

  • EPSS 0.07%
  • Veröffentlicht 13.01.2024 00:15:44
  • Zuletzt bearbeitet 21.11.2024 08:55:40

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.

4.3

CVE-2023-6504

  • EPSS 0.18%
  • Veröffentlicht 11.01.2024 09:15:48
  • Zuletzt bearbeitet 03.06.2025 14:15:38

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all ve...