Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Profile_builder
(Cozmoslabs)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-04 | CVE-2023-4059 | The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog | Profile_builder | 4.3 | ||
| 2022-10-11 | CVE-2021-36915 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. | Profile_builder | 4.3 | ||
| 2022-04-04 | CVE-2022-0884 | The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed | Profile_builder | 4.8 | ||
| 2022-02-24 | CVE-2022-0653 | The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1. | Profile_builder | 6.1 | ||
| 2019-08-22 | CVE-2015-9337 | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | Profile_builder | 7.5 | ||
| 2019-08-21 | CVE-2016-10911 | The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | Profile_builder | 6.1 | ||
| 2019-08-21 | CVE-2015-9328 | The profile-builder plugin before 2.2.5 for WordPress has XSS. | Profile_builder | 6.1 | ||
| 2019-08-21 | CVE-2014-10380 | The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | Profile_builder | 6.1 | ||
| 2017-10-06 | CVE-2014-8492 | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | Profile_builder | 6.1 |