VYPR

Profile Builder

by WordPress

CVEs (22)

  • CVE-2025-15030 | Critical | Feb 2, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing an unauthenticated attacker who knows a username to reset that user's password with a few requests, including for administrator accounts, and thereby gain access to the account.

  • CVE-2023-2297 | Critical | Apr 27, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…

  • CVE-2024-6366 | Critical | Jul 29, 2024
    risk 0.61 | cvss 9.1 | epss 0.29

    The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

  • CVE-2024-0324 | High | Feb 5, 2024
    risk 0.53 | cvss 8.2 | epss 0.02

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all…

  • CVE-2015-9337 | High | Aug 22, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

  • CVE-2023-0814 | Medium | Feb 14, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that…

  • CVE-2022-0653 | Medium | Feb 24, 2022
    risk 0.40 | cvss 6.1 | epss 0.03

    The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject…

  • CVE-2016-10911 | Medium | Aug 21, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.

  • CVE-2015-9328 | Medium | Aug 21, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    The profile-builder plugin before 2.2.5 for WordPress has XSS.

  • CVE-2014-8492 | Medium | Oct 6, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

  • CVE-2025-13054 | Medium | Nov 19, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input…

  • CVE-2025-4671 | Medium | Jun 3, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2025-2314 | Medium | Apr 16, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and…

  • CVE-2023-47669 | Medium | Nov 13, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.

  • CVE-2024-31341 | Medium | May 17, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass. This issue affects Profile Builder: from n/a through 3.11.2.

  • CVE-2024-12738 | Medium | Jan 7, 2025
    risk 0.33 | cvss 6.1 | epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization…

  • CVE-2024-6708 | Medium | May 15, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.

  • CVE-2022-0884 | Medium | Apr 4, 2022
    risk 0.31 | cvss 4.8 | epss 0.01

    The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and descriptions, which could allow high-privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

  • CVE-2025-49292 | Medium | Jun 6, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing. This issue affects Profile Builder: from n/a through <= 3.13.8.

  • CVE-2023-4059 | Medium | Sep 4, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog.

Page 1 of 2