WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability
CVE-2021-36915

4.2MEDIUM

Key Information:

Vendor: WordPress
Status: Profile Builder – User Profile & User Registration Forms (WordPress Plugin)
Vendor: CVE Published:; 11 October 2022

What is CVE-2021-36915?

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Profile Builder – User Profile & User Registration Forms (WordPress plugin) <= 3.6.0 <= 3.6.0

References

https://patchstack.com/database/vulnerability/profile-bui...

https://wordpress.org/plugins/profile-builder/#developers

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 19, 2021

Credit

Vulnerability discovered by John Castro aka mirphak (Patchstack Alliance)

JSON

WordPress

What is CVE-2021-36915?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.