Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-3139	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	4.3	2026-03-31 11:18:56	Deep Dive
CVE-2025-14444	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Medium	5.3	2026-02-18 10:20:48	Deep Dive
CVE-2026-1054	RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Medium	5.3	2026-01-28 07:27:35	Deep Dive
CVE-2025-15403	RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Critical	9.8	2026-01-17 02:22:32	Deep Dive
CVE-2025-13610	RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Medium	6.4	2025-12-15 14:25:11	Deep Dive
CVE-2025-13054	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	6.4	2025-11-19 05:45:12	Deep Dive
CVE-2017-20208	RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Critical	9.8	2025-10-18 03:33:25	Deep Dive
CVE-2025-11204	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	High	7.2	2025-10-08 04:23:40	Deep Dive
CVE-2025-8896	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	6.4	2025-08-16 06:39:22	Deep Dive
CVE-2025-4671	Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	6.4	2025-06-03 11:22:26	Deep Dive
CVE-2025-2314	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	6.4	2025-04-16 01:45:02	Deep Dive
CVE-2025-2836	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Medium	6.4	2025-04-04 05:22:45	Deep Dive
CVE-2024-12038	Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode	themekraft	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	Medium	6.4	2025-02-22 04:21:17	Deep Dive
CVE-2024-13818	Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files	genetechproducts	Pie Register – User Registration, Profiles & Content Restriction	Medium	5.3	2025-02-21 03:21:21	Deep Dive
CVE-2024-12037	Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	themekraft	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	Medium	6.4	2025-01-31 11:11:11	Deep Dive
CVE-2024-12738	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting	cozmoslabs	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	Medium	6.1	2025-01-07 12:43:40	Deep Dive
CVE-2024-10508	RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Critical	9.8	2024-11-09 07:35:08	Deep Dive
CVE-2022-4974	Freemius SDK <= 2.4.2 - Missing Authorization Checks	dashlabsltd	YASR – Yet Another Star Rating Plugin for WordPress	Medium	6.3	2024-10-16 06:43:30	Deep Dive
CVE-2024-8246	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation	themekraft	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	High	8.8	2024-09-14 03:19:27	Deep Dive
CVE-2024-6069	Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation	genetechproducts	Pie Register – User Registration, Profiles & Content Restriction	High	8.8	2024-07-09 08:33:11	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List