cvebase

Cozmoslabs Profile Builder vulnerabilities

24 known vulnerabilities affecting cozmoslabs/profile_builder.

Total CVEs: 24
CISA KEV: 0
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 15

Vulnerabilities

Page 2 of 2
CVE-2025-49292 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.13.8 | 2025-06-06
[MEDIUM] CWE-1284: Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing. This issue affects Profile Builder: from n/a through <= 3.13.8.
Source: nvd

CVE-2024-6708 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.12.2 | 2025-05-15
[MEDIUM] CWE-79: The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.
Source: nvd

CVE-2023-4059 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.9.8 | 2023-09-04
[MEDIUM] CWE-352: The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog.
Source: nvd

CVE-2021-36915 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.6.0 | 2022-10-11
[MEDIUM] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
Source: nvd