CVE-2025-49292

CWE-1284CWE-200Information Exposure4 documents4 sources
Severity
4.9MEDIUM
No vector
EPSS
0.1%
top 66.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cozmoslabs Profile Builder
Timeline
PublishedJun 6

Description

Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8.

Affected Packages1 packages

CVEListV5cozmoslabs/profile_builder3.13.8

🔴Vulnerability Details

2
CVEList
WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability2025-06-06
GHSA
GHSA-6c49-6xv3-mcq8: Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing2025-06-06

📋Vendor Advisories

1
Microsoft
Possible private key restoration in go package github.com/ecies/go2023-12-12
CVE-2025-49292 (MEDIUM CVSS 4.9) | Improper Validation of Specified Qu | cvebase.io