Vulnerabilities > Cozmoslabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-12919 | Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. | 9.8 |
| 2024-12-18 | CVE-2024-11291 | Information Exposure vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. | 5.3 |
| 2024-10-02 | CVE-2024-9222 | Cross-site Scripting vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. | 6.1 |
| 2024-03-15 | CVE-2023-51522 | Unspecified vulnerability in Cozmoslabs Paid Membership Subscriptions Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4. | 8.8 |
| 2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
| 2024-01-31 | CVE-2024-22140 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 8.8 |
| 2024-01-24 | CVE-2024-22141 | Unspecified vulnerability in Cozmoslabs Profile Builder Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 7.5 |
| 2024-01-13 | CVE-2024-22142 | Unspecified vulnerability in Cozmoslabs Profile Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 6.1 |
| 2024-01-11 | CVE-2023-6504 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. | 4.3 |
| 2023-11-13 | CVE-2023-47669 | Unspecified vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | 8.8 |