Vulnerabilities > Cozmoslabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
| 2024-01-31 | CVE-2024-22140 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 8.8 |
| 2024-01-24 | CVE-2024-22141 | Unspecified vulnerability in Cozmoslabs Profile Builder Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 7.5 |
| 2023-11-13 | CVE-2023-47669 | Unspecified vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | 8.8 |
| 2023-04-27 | CVE-2023-2297 | Improper Authentication vulnerability in Cozmoslabs Profile Builder The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. | 8.1 |
| 2023-03-15 | CVE-2023-25968 | Unspecified vulnerability in Cozmoslabs Client Portal Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions. | 8.8 |
| 2022-09-19 | CVE-2022-3141 | Unspecified vulnerability in Cozmoslabs Translatepress The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. | 8.8 |
| 2021-09-13 | CVE-2021-24728 | Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. | 8.8 |
| 2021-04-05 | CVE-2021-24170 | Information Exposure vulnerability in Cozmoslabs User Profile Picture The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. | 7.5 |
| 2019-08-22 | CVE-2015-9337 | Improper Access Control vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 |