Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor, with AI-generated Chinese analysis, references, and POCs.

Vendor: cozmoslabs

CVE IDTitleCVSSSeverityPublished
CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field CWE-639 4.3 Medium2026-03-31
CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2025-11-19
CVE-2025-8896 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-08-16
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes CWE-79 6.4 Medium2025-06-03
CVE-2025-2314 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2025-04-16
CVE-2024-12738 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting CWE-79 6.1 Medium2025-01-07
CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update CWE-284 8.2 High2024-02-05
CVE-2023-6504 Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode CWE-639 4.3 Medium2024-01-11
CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 5.4 Medium2023-11-13
CVE-2023-2297 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism CWE-620 9.8 Critical2023-04-26
CVE-2023-0814 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode CWE-200 6.5 Medium2023-02-14

All 11 known CVE vulnerabilities affecting User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor with full Chinese analysis, references, and POCs where available.