Search criteria
2 vulnerabilities found for Profile Builder – User Profile & User Registration Forms by Unknown
CVE-2022-0884 (GCVE-0-2022-0884)
Vulnerability from nvd – Published: 2022-04-04 15:35 – Updated: 2024-08-02 23:47
VLAI?
Title
Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting
Summary
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Profile Builder – User Profile & User Registration Forms |
Affected:
3.6.8 , < 3.6.8
(custom)
|
Credits
Abhinav Porwal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Profile Builder \u2013 User Profile \u0026 User Registration Forms",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.6.8",
"status": "affected",
"version": "3.6.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abhinav Porwal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T15:35:55",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Profile Builder \u003c 3.6.8 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0884",
"STATE": "PUBLIC",
"TITLE": "Profile Builder \u003c 3.6.8 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Profile Builder \u2013 User Profile \u0026 User Registration Forms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.6.8",
"version_value": "3.6.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abhinav Porwal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2690776",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0884",
"datePublished": "2022-04-04T15:35:55",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-02T23:47:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0884 (GCVE-0-2022-0884)
Vulnerability from cvelistv5 – Published: 2022-04-04 15:35 – Updated: 2024-08-02 23:47
VLAI?
Title
Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting
Summary
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Profile Builder – User Profile & User Registration Forms |
Affected:
3.6.8 , < 3.6.8
(custom)
|
Credits
Abhinav Porwal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Profile Builder \u2013 User Profile \u0026 User Registration Forms",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.6.8",
"status": "affected",
"version": "3.6.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abhinav Porwal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T15:35:55",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Profile Builder \u003c 3.6.8 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0884",
"STATE": "PUBLIC",
"TITLE": "Profile Builder \u003c 3.6.8 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Profile Builder \u2013 User Profile \u0026 User Registration Forms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.6.8",
"version_value": "3.6.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abhinav Porwal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af06b96c-105f-429c-b2ad-c8c823897dba"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2690776",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2690776"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0884",
"datePublished": "2022-04-04T15:35:55",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-02T23:47:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}