Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cozmoslabs Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24473 1 Cozmoslabs 1 User Profile Picture 2021-09-20 5.5 MEDIUM 5.4 MEDIUM
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
CVE-2021-24170 1 Cozmoslabs 1 User Profile Picture 2021-04-09 5.0 MEDIUM 7.5 HIGH
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
CVE-2015-9337 1 Cozmoslabs 1 Profile Builder 2019-08-26 5.0 MEDIUM 7.5 HIGH
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
CVE-2014-10380 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
CVE-2015-9328 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.2.5 for WordPress has XSS.
CVE-2016-10911 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
CVE-2014-8492 1 Cozmoslabs 1 Profile Builder 2017-10-13 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.