Vulnerabilities > Cozmoslabs > Profile Builder > 3.9.8

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-0324 Missing Authorization vulnerability in Cozmoslabs Profile Builder
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8.
network
low complexity
cozmoslabs CWE-862
7.5
7.5
2024-01-31 CVE-2024-22140 Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.
network
low complexity
cozmoslabs CWE-352
8.8
8.8
2024-01-24 CVE-2024-22141 Information Exposure vulnerability in Cozmoslabs Profile Builder
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.
network
low complexity
cozmoslabs CWE-200
7.5
7.5
2024-01-13 CVE-2024-22142 Cross-site Scripting vulnerability in Cozmoslabs Profile Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.
network
low complexity
cozmoslabs CWE-79
6.1
6.1
2024-01-11 CVE-2023-6504 Missing Authorization vulnerability in Cozmoslabs Profile Builder
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7.
network
low complexity
cozmoslabs CWE-862
4.3
4.3
2023-11-13 CVE-2023-47669 Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.
network
low complexity
cozmoslabs CWE-352
8.8
8.8