Plugin Vulnerability Hub
Plugin | 31 known issues | Latest disclosed Mar 30, 2026

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Vulnerabilities

Review known vulnerability records for the WordPress plugin User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (`profile-builder`), including severity, CVE references, affected versions, and patch status.

Known Records: 31
High or Critical: 10
Linked CVEs: 28
Last Updated: Mar 30, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility: 31 records include a published patch path.
Severity Mix: 5 critical and 5 high severity findings.
Reference Workflow: Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.

Known Vulnerabilities

Reports for User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Medium | Patched: Yes | CVE-2026-3139
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb_save_avatar_value() function due to missing validation on a...

Published: Mar 30, 2026
Patched Release: 3.15.6
Affected Versions: Versions up to 3.15.5
Next Step: Update to 3.15.6 or newer if supported.

Plugin | Critical | Patched: Yes | CVE-2025-15030
User Profile Builder <= 3.15.1 - Unauthenticated Privilege Escalation via Account Takeover

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.15.1. This is due to the plugin not properly validating a user's...

Published: Jan 12, 2026
Patched Release: 3.15.2
Affected Versions: Versions up to 3.15.1
Next Step: Update to 3.15.2 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-13054
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitizati...

Published: Nov 18, 2025
Patched Release: 3.14.9
Affected Versions: Versions up to 3.14.8
Next Step: Update to 3.14.9 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-8896
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences[]' parameter in all versions up to, and including, 3.14.3 due to insufficient i...

Published: Aug 15, 2025
Patched Release: 3.14.4
Affected Versions: Versions up to 3.14.3
Next Step: Update to 3.14.4 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-49292
Profile Builder <= 3.13.8 - Unauthenticated Content Spoofing

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Content Spoofing in all versions up to, and including, 3.13.8. This makes it possible for unauthenticated attackers to spoof content.

Published: Jun 05, 2025
Patched Release: 3.13.9
Affected Versions: Versions up to 3.13.8
Next Step: Update to 3.13.9 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-4671
Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

Published: Jun 02, 2025
Patched Release: 3.13.9
Affected Versions: Versions up to 3.13.8
Next Step: Update to 3.13.9 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-2314
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and out...

Published: Apr 15, 2025
Patched Release: 3.13.7
Affected Versions: Versions up to 3.13.6
Next Step: Update to 3.13.7 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-12738
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization an...

Published: Jan 06, 2025
Patched Release: 3.13.0
Affected Versions: Versions up to 3.12.9
Next Step: Update to 3.13.0 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-6708
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.12.1 due to insufficient input sanitization and output escap...

Published: Aug 13, 2024
Patched Release: 3.12.2
Affected Versions: Versions up to 3.12.1
Next Step: Update to 3.12.2 or newer if supported.

Plugin | Critical | Patched: Yes | CVE-2024-6695
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.11.8. This is due to the plugin not properly handling the user registration flow and...

Published: Jul 10, 2024
Patched Release: 3.11.9
Affected Versions: Versions up to 3.11.8
Next Step: Update to 3.11.9 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-6366
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.7 - Missing Authorization to Unauthenticated Media Upload

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized file uploads due to a missing capability check on the wppb_upload_file_type() function in all versions up to, and including, 3.11.7....

Published: Jul 08, 2024
Patched Release: 3.11.8
Affected Versions: Versions up to 3.11.7
Next Step: Update to 3.11.8 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-31341
Profile Builder <= 3.11.2 - Restricted Email Bypass

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to restricted email domain bypass in all versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to register with...

Published: Apr 05, 2024
Patched Release: 3.11.3
Affected Versions: Versions up to 3.11.2
Next Step: Update to 3.11.3 or newer if supported.