Cozmoslabs — Vulnerabilities & Security Advisories 39

Browse all 39 CVE security advisories affecting Cozmoslabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title | CVSS | Severity | Paused
CVE-2026-3139 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-639 | 4.3 | Medium | 2026-03-31
CVE-2026-27413 | WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability — Profile Builder Pro CWE-89 | 9.3 | Critical | 2026-03-19
CVE-2025-68514 | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability — Paid Member Subscriptions CWE-639 | 8.1 (AI) | High (AI) | 2026-02-20
CVE-2025-66074 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability — WP Webhooks CWE-434 | 9.0 | Critical | 2025-12-18
CVE-2025-66073 | WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability — WP Webhooks CWE-502 | 7.2 | High | 2025-11-21
CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-79 | 6.4 | Medium | 2025-11-19
CVE-2025-58592 | WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability — TranslatePress CWE-502 | 9.8 | - | 2025-11-06
CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-862 | 5.3 | Medium | 2025-11-05
CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability — Paid Member Subscriptions CWE-862 | 5.3 | Medium | 2025-09-03
CVE-2025-8895 | WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy — WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress CWE-22 | 9.8 | Critical | 2025-08-21
CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability — Paid Member Subscriptions CWE-98 | 7.5 | High | 2025-08-20
CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-79 | 6.4 | Medium | 2025-08-16
CVE-2025-49870 | WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability — Paid Member Subscriptions CWE-89 | 7.5 | High | 2025-07-04
CVE-2025-49292 | WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability — Profile Builder CWE-1284 | 4.3 | Medium | 2025-06-06
CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-79 | 6.4 | Medium | 2025-06-03
CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-79 | 6.4 | Medium | 2025-04-16
CVE-2025-31088 | WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability — Paid Member Subscriptions CWE-79 | 6.5 | Medium | 2025-03-28
CVE-2025-30773 | WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability — TranslatePress CWE-502 | 7.2 | High | 2025-03-27
CVE-2024-12919 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-287 | 9.8 | Critical | 2025-01-14
CVE-2024-12738 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-79 | 6.1 | Medium | 2025-01-07
CVE-2024-11291 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-200 | 5.3 | Medium | 2024-12-18
CVE-2024-10261 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-94 | 7.3 | High | 2024-11-09
CVE-2024-9222 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-79 | 6.1 | Medium | 2024-10-02
CVE-2024-5639 | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update — User Profile Picture CWE-639 | 4.3 | Medium | 2024-06-21
CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability — Profile Builder CWE-345 | 5.3 | Medium | 2024-05-17
CVE-2024-32728 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability — Paid Member Subscriptions CWE-352 | 4.3 | Medium | 2024-04-24
CVE-2023-51522 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability — Paid Member Subscriptions CWE-352 | 4.3 | Medium | 2024-03-15
CVE-2024-1389 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-862 | 5.3 | Medium | 2024-02-20
CVE-2024-1390 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction CWE-862 | 4.3 | Medium | 2024-02-20
CVE-2024-0324 | User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CWE-284 | 8.2 | High | 2024-02-05

This page lists every published CVE security advisory associated with Cozmoslabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.