CSRF Vulnerability in Cozmoslabs Profile Builder Plugin Allows Unauthorized JSON File Upload and Option Update

CSRF Vulnerability in Cozmoslabs Profile Builder Plugin Allows Unauthorized JSON File Upload and Option Update

CVE-2021-36915 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

Learn more about our Wordpress Pen Testing.