User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Information

Software Type Plugin
Software Slug profile-builder (view on wordpress.org)
Software Status Active
Software Author reflectionmedia
Software Website www.cozmoslabs.com
Software Downloads 4,293,113
Software Active Installs 50,000
Software Record Last Updated April 27, 2024

Showing 1-20 of 22 Vulnerabilities

Profile Builder <= 3.11.2 - Restricted Email Bypass
5.3
CVE-2024-31341
Apr 5, 2024
Researcher: Ananda Dhakal
User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
8.2
CVE-2024-0324
Jan 16, 2024
Researcher: kodaichodai
Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode
4.3
CVE-2023-6504
Jan 5, 2024
Researcher: Francesco Carlucci
Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php
7.1
CVE-2023-47669
Nov 7, 2023
Researcher: Brandon James Roldan (tomorrowisnew)
Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation
5.3
CVE-2023-4059
Aug 8, 2023
Researcher: Mesh3l_911
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
9.8
CVE-2023-2297
Feb 13, 2023
Researcher: István Márton
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode
6.5
CVE-2023-0814
Feb 13, 2023
Researcher: István Márton
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery
8.8
CVE-2021-36915
Sep 29, 2022
Researcher: mirphak
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting
5.5
CVE-2022-0884
Mar 9, 2022
Researcher: Abhinav Porwal
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter
6.1
CVE-2022-0653
Feb 17, 2022
Researcher: Chloe Chamberland
Profile Builder <= 3.4.8 - Admin Access via Password Reset
9.8
CVE-2021-24527
Jul 19, 2021
Researcher: Stiofan
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2021-24448
Jun 30, 2021
Researcher: Akash Rajendra Patil
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection
8.8
CVE ID Unknown
Dec 4, 2020
Researcher: Lenon Leite
Profile Builder <= 3.1.0 - Privilege Escalation
9.8
CVE ID Unknown
Feb 13, 2020
Researcher: Mikey Veenstra
Profile Builder < 2.5.8 - Cross-Site Scripting
5.5
CVE ID Unknown
Mar 10, 2017
Researcher: f3ci
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting
6.1
CVE-2016-10911
Jul 13, 2016
Researcher: Yorick Koster,
Profile Builder <= 2.4.0 - Privilege Escalation
8.8
CVE ID Unknown
Jul 7, 2016
Researcher: Panagiotis Vagenas
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting
6.1
CVE-2015-9328
Nov 11, 2015
Researcher: Kacper Szurek
Profile Builder <= 2.1.3 - Missing Access Controls
7.5
CVE-2015-9337
Apr 15, 2015
Researchers:
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting
6.1
CVE-2014-8492
Oct 30, 2014
Researcher: James Hooker
Title CVE ID CVSS Researchers Date
Profile Builder <= 3.11.2 - Restricted Email Bypass CVE-2024-31341 5.3 Ananda Dhakal April 5, 2024
User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update CVE-2024-0324 8.2 kodaichodai January 16, 2024
Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode CVE-2023-6504 4.3 Francesco Carlucci January 5, 2024
Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php CVE-2023-47669 7.1 Brandon James Roldan (tomorrowisnew) November 7, 2023
Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation CVE-2023-4059 5.3 Mesh3l_911 August 8, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism CVE-2023-2297 9.8 István Márton February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode CVE-2023-0814 6.5 István Márton February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery CVE-2021-36915 8.8 mirphak September 29, 2022
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting CVE-2022-0884 5.5 Abhinav Porwal March 9, 2022
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter CVE-2022-0653 6.1 Chloe Chamberland February 17, 2022
Profile Builder <= 3.4.8 - Admin Access via Password Reset CVE-2021-24527 9.8 Stiofan July 19, 2021
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2021-24448 5.5 Akash Rajendra Patil June 30, 2021
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection 8.8 Lenon Leite December 4, 2020
Profile Builder <= 3.1.0 - Privilege Escalation 9.8 Mikey Veenstra February 13, 2020
Profile Builder < 2.5.8 - Cross-Site Scripting 5.5 f3ci March 10, 2017
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting CVE-2016-10911 6.1 Yorick Koster, July 13, 2016
Profile Builder <= 2.4.0 - Privilege Escalation 8.8 Panagiotis Vagenas July 7, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting CVE-2015-9328 6.1 Kacper Szurek November 11, 2015
Profile Builder <= 2.1.3 - Missing Access Controls CVE-2015-9337 7.5 April 15, 2015
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting CVE-2014-8492 6.1 James Hooker October 30, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation