User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Information

Software Type Plugin
Software Slug profile-builder (view on wordpress.org)
Software Status Active
Software Author reflectionmedia
Software Website www.cozmoslabs.com
Software Downloads 3,913,234
Software Active Installs 50,000
Software Record Last Updated September 29, 2023

18 vulnerabilities

9.8
CVE ID Unknown
Feb 13, 2020
Researcher: Mikey Veenstra
5.5
CVE ID Unknown
Mar 10, 2017
Researcher: f3ci
8.8
CVE ID Unknown
Jul 7, 2016
Researcher: Panagiotis Vagenas
Title CVE ID CVSS Researchers Date
Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation CVE-2023-4059 5.3 Mesh3l_911 August 8, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism CVE-2023-2297 9.8 Lana Codes February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode CVE-2023-0814 6.5 Lana Codes February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery CVE-2021-36915 8.8 mirphak September 29, 2022
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting CVE-2022-0884 5.5 Abhinav Porwal March 9, 2022
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter CVE-2022-0653 6.1 Chloe Chamberland February 17, 2022
Profile Builder <= 3.4.8 - Admin Access via Password Reset CVE-2021-24527 9.8 Stiofan July 19, 2021
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2021-24448 5.5 Akash Rajendra Patil June 30, 2021
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection 8.8 Lenon Leite December 4, 2020
Profile Builder <= 3.1.0 - Privilege Escalation 9.8 Mikey Veenstra February 13, 2020
Profile Builder < 2.5.8 - Cross-Site Scripting 5.5 f3ci March 10, 2017
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting CVE-2016-10911 6.1 Yorick Koster, July 13, 2016
Profile Builder <= 2.4.0 - Privilege Escalation 8.8 Panagiotis Vagenas July 7, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting CVE-2015-9328 6.1 Kacper Szurek November 11, 2015
Profile Builder <= 2.1.3 - Missing Access Controls CVE-2015-9337 7.5 April 15, 2015
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting CVE-2014-8492 6.1 James Hooker October 30, 2014
Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting CVE-2014-10380 6.1 July 16, 2014
Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass 9.8 May 6, 2014

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation