Profile Builder
Cozmoslabs
Developer
3.14.9
Latest version
50,000
Installations
20 hours ago
Last updated
Vulnerability history
0 present
23 fixed
9 Mitigation rules
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 3.14.3Aug 16, 2025
- Content Spoofing Vulnerability<= 3.13.8Jun 5, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes vulnerability<= 3.13.8Jun 3, 2025
- Admin+ Stored Cross Site Scripting vulnerability<= 3.12.0May 19, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.13.6Apr 15, 2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.12.9Jan 7, 2025
- Unauthenticated Media Upload vulnerability< 3.11.8Jul 29, 2024
- Bypass Vulnerability vulnerability<= 3.11.2Apr 5, 2024
- Missing Authorization to Plugin Settings Change vulnerability<= 3.10.8Jan 16, 2024
- Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode vulnerability<= 3.10.7Jan 8, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.10.3Nov 8, 2023
- Missing Authorization to Initial Page Creation vulnerability< 3.9.8Aug 9, 2023
- Insecure Password Reset Mechanism vulnerability<= 3.9.0Apr 27, 2023
- Sensitive Information Disclosure via Shortcode vulnerability<= 3.9.0Feb 14, 2023
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.6.0Sep 29, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.6.7Mar 9, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.6.1Feb 17, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 3.4.7Jun 30, 2021
- Authenticated Blind SQL Injection (SQLi) vulnerability<= 3.3.2Dec 2, 2020
- User Registration With Administrator Role vulnerability<= 3.1.0Feb 10, 2020
- Reflected Cross Site Scripting<= 2.4.1Jul 13, 2016
- Privilege Escalation<= 2.4.0Jul 8, 2016
- BYPASS<= 1.1.59Aug 1, 2014