Cozmoslabs

Profile Builder

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-47669

  • EPSS 0.05%
  • Veröffentlicht 13.11.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:30:38

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.

4.3

CVE-2023-4059

  • EPSS 0.1%
  • Veröffentlicht 04.09.2023 12:15:10
  • Zuletzt bearbeitet 06.03.2025 16:15:43

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

8.1

CVE-2023-2297

Exploit
  • EPSS 0.24%
  • Veröffentlicht 27.04.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:58:20

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insuffi...

6.5

CVE-2023-0814

  • EPSS 0.27%
  • Veröffentlicht 14.02.2023 02:15:10
  • Zuletzt bearbeitet 21.11.2024 07:37:53

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensi...

4.3

CVE-2021-36915

  • EPSS 0.33%
  • Veröffentlicht 11.10.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:14:17

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

4.8

CVE-2022-0884

Exploit
  • EPSS 0.21%
  • Veröffentlicht 04.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:35

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed

6.1

CVE-2022-0653

Exploit
  • EPSS 5.65%
  • Veröffentlicht 24.02.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:06

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows...

10

CVE-2021-24527

Exploit
  • EPSS 76.79%
  • Veröffentlicht 16.08.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 05:53:14

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthe...

4.8

CVE-2021-24448

Exploit
  • EPSS 0.41%
  • Veröffentlicht 02.08.2021 11:15:09
  • Zuletzt bearbeitet 21.11.2024 05:53:05

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_h...

7.5

CVE-2015-9337

  • EPSS 0.21%
  • Veröffentlicht 22.08.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 02:40:22

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.