Profile Builder – User Profile & User Registration Forms

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Profile Builder – User Profile & User Registration Forms

Information

Software Type Plugin
Software Slug profile-builder (view on wordpress.org)
Software Status Active
Software Author reflectionmedia
Software Website www.cozmoslabs.com
Software Downloads 3,780,096
Software Active Installs 60,000
Software Record Last Updated May 30, 2023

17 vulnerabilities

Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode
6.5
CVE-2023-0814
Feb 13, 2023
Researcher: Lana Codes
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
9.8
CVE-2023-2297
Feb 13, 2023
Researcher: Lana Codes
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery
8.8
CVE-2021-36915
Sep 29, 2022
Researcher: mirphak
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting
5.5
CVE-2022-0884
Mar 9, 2022
Researcher: Abhinav Porwal
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter
6.1
CVE-2022-0653
Feb 17, 2022
Researcher: Chloe Chamberland
Profile Builder <= 3.4.8 - Admin Access via Password Reset
9.8
CVE-2021-24527
Jul 19, 2021
Researcher: Stiofan
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2021-24448
Jun 30, 2021
Researcher: Akash Rajendra Patil
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection
8.8
CVE ID Unknown
Dec 4, 2020
Researcher: Lenon Leite
Profile Builder <= 3.1.0 - Privilege Escalation
9.8
CVE ID Unknown
Feb 13, 2020
Researcher: Mikey Veenstra
Profile Builder < 2.5.8 - Cross-Site Scripting
5.5
CVE ID Unknown
Mar 10, 2017
Researcher: f3ci
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting
6.1
CVE-2016-10911
Jul 13, 2016
Researcher: Yorick Koster,
Profile Builder <= 2.4.0 - Privilege Escalation
8.8
CVE ID Unknown
Jul 7, 2016
Researcher: Panagiotis Vagenas
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting
6.1
CVE-2015-9328
Nov 11, 2015
Researcher: Kacper Szurek
Profile Builder <= 2.1.3 - Missing Access Controls
7.5
CVE-2015-9337
Apr 15, 2015
Researchers:
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting
6.1
CVE-2014-8492
Oct 30, 2014
Researcher: James Hooker
Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting
6.1
CVE-2014-10380
Jul 16, 2014
Researchers:
Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass
9.8
CVE ID Unknown
May 6, 2014
Researchers:
Title CVE ID CVSS Researchers Date
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode CVE-2023-0814 6.5 Lana Codes February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism CVE-2023-2297 9.8 Lana Codes February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery CVE-2021-36915 8.8 mirphak September 29, 2022
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting CVE-2022-0884 5.5 Abhinav Porwal March 9, 2022
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter CVE-2022-0653 6.1 Chloe Chamberland February 17, 2022
Profile Builder <= 3.4.8 - Admin Access via Password Reset CVE-2021-24527 9.8 Stiofan July 19, 2021
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2021-24448 5.5 Akash Rajendra Patil June 30, 2021
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection 8.8 Lenon Leite December 4, 2020
Profile Builder <= 3.1.0 - Privilege Escalation 9.8 Mikey Veenstra February 13, 2020
Profile Builder < 2.5.8 - Cross-Site Scripting 5.5 f3ci March 10, 2017
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting CVE-2016-10911 6.1 Yorick Koster, July 13, 2016
Profile Builder <= 2.4.0 - Privilege Escalation 8.8 Panagiotis Vagenas July 7, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting CVE-2015-9328 6.1 Kacper Szurek November 11, 2015
Profile Builder <= 2.1.3 - Missing Access Controls CVE-2015-9337 7.5 April 15, 2015
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting CVE-2014-8492 6.1 James Hooker October 30, 2014
Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting CVE-2014-10380 6.1 July 16, 2014
Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass 9.8 May 6, 2014

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation