Vulnerabilities > Cozmoslabs > Profile Builder > 3.10.3

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-0324 Missing Authorization vulnerability in Cozmoslabs Profile Builder
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8.
network
low complexity
cozmoslabs CWE-862
7.5
7.5
2024-01-11 CVE-2023-6504 Missing Authorization vulnerability in Cozmoslabs Profile Builder
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7.
network
low complexity
cozmoslabs CWE-862
4.3
4.3
2023-11-13 CVE-2023-47669 Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.
network
low complexity
cozmoslabs CWE-352
8.8
8.8