Vulnerabilities > Cozmoslabs > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
2024-01-31 | CVE-2024-22140 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. | 8.8 |
2024-01-24 | CVE-2024-22141 | Information Exposure vulnerability in Cozmoslabs Profile Builder | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. | 7.5 |
2023-11-13 | CVE-2023-47669 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | 8.8 |
2023-04-27 | CVE-2023-2297 | Improper Authentication vulnerability in Cozmoslabs Profile Builder | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. | 8.1 |
2023-03-15 | CVE-2023-25968 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Client Portal | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions. | 8.8 |
2022-09-19 | CVE-2022-3141 | SQL Injection vulnerability in Cozmoslabs Translatepress | The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. | 8.8 |
2021-09-13 | CVE-2021-24728 | SQL Injection vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions | The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. | 8.8 |