Product
cozmoslabs profile builder
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-6708
CVE-2024-6695
CVE-2024-6366
CVE-2024-0324
CVE-2024-22140
CVE-2024-22141
CVE-2024-22142
CVE-2023-6504
CVE-2023-47669
CVE-2023-4059
CVE-2023-2297
CVE-2023-0814
CVE-2021-36915
CVE-2022-0884
CVE-2022-0653
CVE-2021-24527
CVE-2021-24448
CVE-2015-9337
CVE-2016-10911
CVE-2015-9328
CVE-2014-10380
CVE-2014-8492
< 3.12.2
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its conten
< 3.11.9
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform un
< 3.11.8
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upl
<= 3.10.8
The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable
<= 3.10.0
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a
<= 3.10.0
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Prof
<= 3.10.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder P
<= 3.10.7
The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable
< 3.10.4
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder - Beautiful User Registration Forms, User Profi
< 3.9.8
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthen
<= 3.9.0
The Profile Builder - User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets i
<= 3.9.0
The Profile Builder - User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosur
<= 3.6.0
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JS
< 3.6.8
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could all
<= 3.6.1
The Profile Builder - User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insuffi
< 3.4.9
The User Registration & User Profile - Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the pass
< 3.4.8
The User Registration & User Profile - Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify defau
< 2.1.4
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
< 2.4.2
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
< 2.2.5
The profile-builder plugin before 2.2.5 for WordPress has XSS.
< 1.1.66
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
<= 2.0.2
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 fo