CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10911 – Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10911
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. El plugin profile-builder anterior a la versión 2.4.2 para WordPress tiene múltiples problemas de XSS. • https://wordpress.org/plugins/profile-builder/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9328 – Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9328
The profile-builder plugin before 2.2.5 for WordPress has XSS. El plugin generador de perfiles anterior a la versión 2.2.5 para WordPress tiene XSS. The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'loginerror', 'wckerrorfields', 'wckerrormessages', and 'field_name' parameters in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wordpress.org/plugins/profile-builder/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9337 – Profile Builder <= 2.1.3 - Missing Access Controls
https://notcve.org/view.php?id=CVE-2015-9337
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. El plugin generador de perfiles anterior a la versión 2.1.4 para WordPress no tiene control de acceso para activar o desactivar complementos a través de AJAX. • https://wordpress.org/plugins/profile-builder/#developers • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8492 – Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8492
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) en assets/misc/fallback-page.php en el plugin Profile Builder en versiones anteriores a la 2.0.3 para WordPress permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante los parámetros (1) site_name, (2) message o (3) site_url. • https://g0blin.co.uk/cve-2014-8492 https://wpvulndb.com/vulnerabilities/8239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-10380 – Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10380
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. El plugin profile-builder anterior a la versión 1.1.66 para WordPress tiene múltiples problemas XSS en los formularios. • https://wordpress.org/plugins/profile-builder/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •