CSRF Vulnerability in Cozmoslabs Profile Builder Plugin Allows Unauthorized JSON File Upload and Option Update
CVE-2021-36915 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.
Learn more about our Wordpress Pen Testing.