Known Vulnerabilities for Profile Builder by Cozmoslabs
Listed below are 8 of the newest known vulnerabilities associated with "Profile Builder" by "Cozmoslabs".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3139 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vuln... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2025-49292 | Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishin... | Not Provided | 2025-06-06 | 2026-04-01 |
| CVE-2021-36915 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading t... | 4.3 - MEDIUM | 2022-10-11 | 2022-10-13 |
| CVE-2021-24527 | The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset t... | 9.8 - CRITICAL | 2021-08-16 | 2023-11-07 |
| CVE-2021-24448 | The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modif... | 4.8 - MEDIUM | 2021-08-02 | 2023-11-07 |
| CVE-2016-10911 | The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | 6.1 - MEDIUM | 2019-08-21 | 2019-08-22 |
| CVE-2015-9337 | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 - HIGH | 2019-08-22 | 2019-08-26 |
| CVE-2015-9328 | The profile-builder plugin before 2.2.5 for WordPress has XSS. | 6.1 - MEDIUM | 2019-08-21 | 2019-08-22 |
| CVE-2014-10380 | The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | 6.1 - MEDIUM | 2019-08-21 | 2019-08-22 |
| CVE-2014-8492 | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0... | 6.1 - MEDIUM | 2017-10-06 | 2017-10-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cozmoslabs | Profile Builder | 3.0.1 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 3.0.0 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.9 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.8 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.7 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.6 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.5 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.4 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.3 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.2 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.1 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.9.0 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.9 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.8 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.7 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.6 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.5 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.4 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.3 | All | All | All |
| Application | Cozmoslabs | Profile Builder | 2.8.2 | All | All | All |