Profile Builder Pro
cpe:2.3:a:cozmoslabs:profile_builder_pro:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cozmoslabs (a6cf7c48-9910-5089-9ac0-ffa6c9be99f9) |
|---|---|
| Product | Profile Builder Pro (9724d807-1033-58cb-b4c2-79d384dd7f5a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-7647 | vulnerable | 2026-06-03 15:27:57.104378 | Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection. HIGH (8.1). The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the attacker-controlled 'args' POST parameter within the wppb_request_users_pins_action_callback() AJAX handler, which lacked any nonce verification, type checking, or input validation before deserialization. Because the handler was registered with both wp_ajax_ and wp_ajax_nopriv_ hooks, it was reachable by completely unauthenticated users. This makes it possible for unauthenticated attackers to inject arbitrary PHP objects into application memory. Published: 2026-05-02T05:29:30.319Z. Updated: 2026-05-04T12:48:13.345Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-27413 | vulnerable | 2026-06-03 15:18:06.454042 | WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability. CRITICAL (9.3). Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: from n/a before 3.14.0. Published: 2026-03-19T05:28:13.373Z. Updated: 2026-04-28T16:15:03.091Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-22142 | vulnerable | 2026-06-03 14:54:59.853245 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS). HIGH (7.1). Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0. Published: 2024-01-12T23:17:20.712Z. Updated: 2026-04-28T16:09:08.392Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-22141 | vulnerable | 2026-06-03 14:54:59.852835 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure. MEDIUM (6.5). Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. Published: 2024-01-24T14:50:44.644Z. Updated: 2026-04-28T16:09:08.746Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-22140 | vulnerable | 2026-06-03 14:54:59.851881 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF). HIGH (8.8). Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. Published: 2024-01-31T13:46:14.903Z. Updated: 2026-04-28T16:09:08.742Z. | Imported from gcve-enriched-dumps CVE data |