Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical2
High0
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2026-02-03

CVE-2025-15030 - User Profile Builder Plugin

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account

PLUGIN User Profile Builder

CVE-2025-15030

CRITICAL CVSS 9.8 2026-02-02
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-6708 - User Profile Builder Plugin

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.

PLUGIN User Profile Builder

CVE-2024-6708

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-30

CVE-2024-6366 - User Profile Builder Plugin

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

PLUGIN User Profile Builder

CVE-2024-6366

CRITICAL CVSS 9.1 2024-07-29
Open Full Technical Breakdown
Scroll to top