Vulnerabilities > CVE-2021-36915 - Unspecified vulnerability in Cozmoslabs Profile Builder
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
Vulnerable Configurations
References
- https://patchstack.com/database/vulnerability/profile-builder/wordpress-profile-builder-plugin-3-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/profile-builder/wordpress-profile-builder-plugin-3-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
- https://wordpress.org/plugins/profile-builder/#developers
- https://wordpress.org/plugins/profile-builder/#developers