Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cozmoslabs Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24527 1 Cozmoslabs 1 Profile Builder 2024-02-28 10.0 HIGH 9.8 CRITICAL
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.
CVE-2021-24473 1 Cozmoslabs 1 User Profile Picture 2024-02-28 5.5 MEDIUM 5.4 MEDIUM
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
CVE-2014-10380 1 Cozmoslabs 1 Profile Builder 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
CVE-2015-9328 1 Cozmoslabs 1 Profile Builder 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.2.5 for WordPress has XSS.
CVE-2015-9337 1 Cozmoslabs 1 Profile Builder 2024-02-28 5.0 MEDIUM 7.5 HIGH
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
CVE-2016-10911 1 Cozmoslabs 1 Profile Builder 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
CVE-2014-8492 1 Cozmoslabs 1 Profile Builder 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.