Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cozmoslabs profile builder vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-10911
The profile-builder plugin prior to 2.4.2 for WordPress has multiple XSS issues.
Cozmoslabs Profile Builder
6.1
CVSSv3
CVE-2014-8492
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin prior to 2.0.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
Cozmoslabs Profile Builder
4.3
CVSSv3
CVE-2023-4059
The Profile Builder WordPress plugin prior to 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
Cozmoslabs Profile Builder
6.1
CVSSv3
CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows malicious users to ...
Cozmoslabs Profile Builder
4.8
CVSSv3
CVE-2022-0884
The Profile Builder WordPress plugin prior to 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed
Cozmoslabs Profile Builder
6.1
CVSSv3
CVE-2014-10380
The profile-builder plugin prior to 1.1.66 for WordPress has multiple XSS issues in forms.
Cozmoslabs Profile Builder
8.8
CVSSv3
CVE-2024-22140
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a up to and including 3.10.0.
Cozmoslabs Profile Builder
7.5
CVSSv3
CVE-2024-22141
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a up to and including 3.10.0.
Cozmoslabs Profile Builder
6.1
CVSSv3
CVE-2024-22142
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a up to and including 3.10.0.
Cozmoslabs Profile Builder
4.3
CVSSv3
CVE-2021-36915
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
Cozmoslabs Profile Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »