Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
References
Configurations
History
13 Oct 2022, 02:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cozmoslabs profile Builder
Cozmoslabs |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:* | |
References | (CONFIRM) https://wordpress.org/plugins/profile-builder/#developers - Vendor Advisory | |
References | (CONFIRM) https://patchstack.com/database/vulnerability/profile-builder/wordpress-profile-builder-plugin-3-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve - Vendor Advisory |
11 Oct 2022, 20:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-11 20:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-36915
Mitre link : CVE-2021-36915
CVE.ORG link : CVE-2021-36915
JSON object : View
Products Affected
cozmoslabs
- profile_builder
CWE
CWE-352
Cross-Site Request Forgery (CSRF)