CVE-2021-36915

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cozmoslabs Profile Builder – User Profile & User Registration Forms (wordpress Plugin)Cozmoslabs Profile Builder

Timeline

PublishedOct 11

Latest updateOct 12

Description

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5cozmoslabs/profile_builder_–_user_profile_&_user_registration_forms_(wordpress_plugin)3.6.0

▶NVDcozmoslabs/profile_builder3.6.0

🔴Vulnerability Details

GHSA

GHSA-8327-26x5-xq89: Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3↗2022-10-12

▶

CVEList

WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability↗2022-10-11

▶