Cozmoslabs Profile Builder vulnerabilities
24 known vulnerabilities affecting cozmoslabs/profile_builder.
Total CVEs: 24
CISA KEV: 0
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 15
Vulnerabilities
Page 2 of 2
CVE-2025-49292 | P4 | MEDIUM | CVSS 4.3 | CWE-1284 | ≤ 3.13.8 | 2025-06-06
Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing. This issue affects Profile Builder: from n/a through <= 3.13.8.
nvd
CVE-2024-6708 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.12.2 | 2025-05-15
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.
nvd
CVE-2023-4059 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 3.9.8 | 2023-09-04
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog.
nvd
CVE-2021-36915 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 3.6.0 | 2022-10-11
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
nvd