Cozmoslabs
Products
4- 13 CVEs
- 12 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
30| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2297 | Cri | 0.64 | 9.8 | 0.01 | Apr 27, 2023 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the… | ||
| CVE-2026-27413 | Cri | 0.60 | 9.3 | 0.00 | Mar 19, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0. | ||
| CVE-2024-22140 | Hig | 0.57 | 8.8 | 0.00 | Jan 31, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||
| CVE-2024-0324 | Hig | 0.56 | 8.2 | 0.02 | Feb 5, 2024 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all… | ||
| CVE-2025-58592 | Hig | 0.53 | 8.1 | 0.00 | Nov 6, 2025 | Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||
| CVE-2025-54017 | Hig | 0.49 | 7.5 | 0.00 | Aug 20, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through… | ||
| CVE-2025-49870 | Hig | 0.49 | 7.5 | 0.00 | Jul 4, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1. | ||
| CVE-2025-30773 | Hig | 0.47 | 7.2 | 0.01 | Mar 27, 2025 | Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6. | ||
| CVE-2024-22142 | Hig | 0.46 | 7.1 | 0.00 | Jan 13, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||
| CVE-2025-68514 | Med | 0.42 | 6.5 | 0.00 | Feb 20, 2026 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8. | ||
| CVE-2025-31088 | Med | 0.42 | 6.5 | 0.00 | Mar 28, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3. | ||
| CVE-2024-22141 | Med | 0.42 | 6.5 | 0.00 | Jan 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||
| CVE-2023-0814 | Med | 0.42 | 6.5 | 0.01 | Feb 14, 2023 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that… | ||
| CVE-2014-8492 | Med | 0.40 | 6.1 | 0.01 | Oct 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | ||
| CVE-2025-2314 | Med | 0.35 | 6.4 | 0.00 | Apr 16, 2025 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and… | ||
| CVE-2025-58600 | Med | 0.34 | 5.3 | 0.00 | Sep 3, 2025 | Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9. | ||
| CVE-2024-31341 | Med | 0.34 | 5.3 | 0.00 | May 17, 2024 | Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2. | ||
| CVE-2024-1389 | Med | 0.34 | 5.3 | 0.01 | Feb 29, 2024 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all… | ||
| CVE-2024-12738 | Med | 0.33 | 6.1 | 0.00 | Jan 7, 2025 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization… | ||
| CVE-2025-49292 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8. |
- risk 0.64cvss 9.8epss 0.01
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.
- risk 0.56cvss 8.2epss 0.02
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all…
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through…
- risk 0.49cvss 7.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.
- risk 0.47cvss 7.2epss 0.01
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.
- risk 0.42cvss 6.5epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3.
- risk 0.42cvss 6.5epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.
- risk 0.42cvss 6.5epss 0.01
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that…
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
- risk 0.35cvss 6.4epss 0.00
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9.
- risk 0.34cvss 5.3epss 0.00
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2.
- risk 0.34cvss 5.3epss 0.01
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all…
- risk 0.33cvss 6.1epss 0.00
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization…
- risk 0.28cvss 4.3epss 0.00
Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8.