Cozmoslabs Profile Builder User Profile User Registration Forms vulnerabilities
2 known vulnerabilities affecting cozmoslabs/profile_builder_user_profile_user_registration_forms.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-0653P2MEDIUMCVSS 6.1ExploitedPoC≥ 3.6.1, ≤ 3.6.12022-02-24
CVE-2022-0653 [MEDIUM] CWE-79 CVE-2022-0653: The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specia
nvd
CVE-2021-36915P4MEDIUMCVSS 4.3≤ 3.6.02022-10-11
CVE-2021-36915 [MEDIUM] CWE-352 CVE-2021-36915: Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at Wor
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
nvd