VYPR

Vendor CVEs

Cozmoslabs

All CVEs

30 total · sorted by risk
  • CVE-2023-2297CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…

  • CVE-2026-27413CriMar 19, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0.

  • CVE-2024-22140HigJan 31, 2024
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

  • CVE-2024-0324HigFeb 5, 2024
    risk 0.56cvss 8.2epss 0.02

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all…

  • CVE-2025-58592HigNov 6, 2025
    risk 0.53cvss 8.1epss 0.00

    Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.

  • CVE-2025-54017HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through…

  • CVE-2025-49870HigJul 4, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.

  • CVE-2025-30773HigMar 27, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6.

  • CVE-2024-22142HigJan 13, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.

  • CVE-2025-68514MedFeb 20, 2026
    risk 0.42cvss 6.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.

  • CVE-2025-31088MedMar 28, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3.

  • CVE-2024-22141MedJan 24, 2024
    risk 0.42cvss 6.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

  • CVE-2023-0814MedFeb 14, 2023
    risk 0.42cvss 6.5epss 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that…

  • CVE-2014-8492MedOct 6, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

  • CVE-2025-2314MedApr 16, 2025
    risk 0.35cvss 6.4epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and…

  • CVE-2025-58600MedSep 3, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9.

  • CVE-2024-31341MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2.

  • CVE-2024-1389MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.01

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all…

  • CVE-2024-12738MedJan 7, 2025
    risk 0.33cvss 6.1epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization…

  • CVE-2025-49292MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8.

  • CVE-2024-34827MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5.

  • CVE-2023-51522MedMar 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.

  • CVE-2024-1390MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.01

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and…

  • CVE-2024-5639MedJun 21, 2024
    risk 0.21cvss 4.3epss 0.00

    The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for…

  • CVE-2023-6504MedJan 11, 2024
    risk 0.21cvss 4.3epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and…

  • CVE-2021-24610Sep 27, 2021
    risk 0.03cvss epss 0.05

    The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to…

  • CVE-2024-12919Jan 14, 2025
    risk 0.00cvss epss 0.01

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the…

  • CVE-2024-11291Dec 18, 2024
    risk 0.00cvss epss 0.00

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible…

  • CVE-2024-10261Nov 9, 2024
    risk 0.00cvss epss 0.00

    The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an…

  • CVE-2024-9222Oct 2, 2024
    risk 0.00cvss epss 0.00

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…