User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Information

Software Type Plugin
Software Slug profile-builder (view on wordpress.org)
Software Status Active
Software Author reflectionmedia
Software Website www.cozmoslabs.com
Software Downloads 4,671,232
Software Active Installs 50,000
Software Record Last Updated December 20, 2024

Showing 1-20 of 24 Vulnerabilities

9.8
CVE ID Unknown
Feb 13, 2020
Researcher: Mikey Veenstra
5.5
CVE ID Unknown
Mar 10, 2017
Researcher: f3ci
8.8
CVE ID Unknown
Jul 7, 2016
Researcher: Panagiotis Vagenas
Title Status CVE ID CVSS Researchers Date
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass Patched CVE-2024-6695 9.8 John Castro July 10, 2024
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.7 - Missing Authorization to Unauthenticated Media Upload Patched CVE-2024-6366 5.3 Michel Prunet July 8, 2024
Profile Builder <= 3.11.2 - Restricted Email Bypass Patched CVE-2024-31341 5.3 Ananda Dhakal April 5, 2024
User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update Patched CVE-2024-0324 8.2 kodaichodai January 16, 2024
Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode Patched CVE-2023-6504 4.3 Francesco Carlucci January 5, 2024
Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php Patched CVE-2023-47669 7.1 Brandon James Roldan (tomorrowisnew) November 7, 2023
Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation Patched CVE-2023-4059 5.3 Mesh3l_911 August 8, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism Patched CVE-2023-2297 9.8 István Márton February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode Patched CVE-2023-0814 6.5 István Márton February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery Patched CVE-2021-36915 8.8 mirphak September 29, 2022
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting Patched CVE-2022-0884 5.5 Abhinav Porwal March 9, 2022
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter Patched CVE-2022-0653 6.1 Chloe Chamberland February 17, 2022
Profile Builder <= 3.4.8 - Admin Access via Password Reset Patched CVE-2021-24527 9.8 Stiofan July 19, 2021
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2021-24448 5.5 Akash Rajendra Patil June 30, 2021
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection Patched 8.8 Lenon Leite December 4, 2020
Profile Builder <= 3.1.0 - Privilege Escalation Patched 9.8 Mikey Veenstra February 13, 2020
Profile Builder < 2.5.8 - Cross-Site Scripting Patched 5.5 f3ci March 10, 2017
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting Patched CVE-2016-10911 6.1 Yorick Koster, July 13, 2016
Profile Builder <= 2.4.0 - Privilege Escalation Patched 8.8 Panagiotis Vagenas July 7, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting Patched CVE-2015-9328 6.1 Kacper Szurek November 11, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation