Profile_builder - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Profile_builder
(Cozmoslabs)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	21

Date	Id	Summary	Products	Score	Patch	Annotated
2023-04-27	CVE-2023-2297	The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker...	Profile_builder	8.1
2023-11-13	CVE-2023-47669	Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.	Profile_builder	8.8
2024-01-13	CVE-2024-22142	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.	Profile_builder	6.1
2024-01-24	CVE-2024-22141	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.	Profile_builder	7.5
2024-01-31	CVE-2024-22140	Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.	Profile_builder	8.8
2019-08-22	CVE-2015-9337	The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.	Profile_builder	7.5
2019-08-21	CVE-2016-10911	The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.	Profile_builder	6.1
2019-08-21	CVE-2015-9328	The profile-builder plugin before 2.2.5 for WordPress has XSS.	Profile_builder	6.1
2019-08-21	CVE-2014-10380	The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.	Profile_builder	6.1
2017-10-06	CVE-2014-8492	Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.	Profile_builder	6.1