CVE-2025-4671

Published June 3rd, 2025

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

<a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Profile Builder</a> is the all in one user profile and user registration plugin for WordPress. Elegant and reliable user registration and <a href="https://www.cozmoslabs.com/best-wordpress-user-profile-plugins-compared/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">user profile plugin</a> for creating front-end user registration, login and edit profile forms with custom fields. It also lets you restrict content based on user role or logged in status and manage user roles and capabilities using the built in Role Editor. Elevate your user experience and boost sign-ups with beautiful GDPR-compliant registration and login forms, customized user profiles, and all the user management tools you need in one robust solution. <a href="https://pb-demo.cozmoslabs.com/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree#topmenu" rel="nofollow ugc">Free Demo</a> | <a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Compare Free vs Pro</a> | <a href="https://www.cozmoslabs.com/docs/profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Documentation</a> <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/dZQaS5bk7zY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Professionally Designed Login and Registration Forms</h3> Personalize your website by incorporating front-end user login and user registration forms, providing users with a convenient way of signing up or accessing their profiles. This is ideal for: * <a href="https://www.cozmoslabs.com/best-wordpress-community-plugins/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Online Communities</a> & Associations * Online Courses * News and Resource Websites <h3>Modern and Elegant User Profiles, Listings, and Directories</h3> From creating user profiles and a member directory to listing job offers or your community services, Profile Builder gives you the tools you need to monitor your users, control how and where they log in, as well as implement security measures to protect all those involved. This is ideal for: * <a href="https://www.cozmoslabs.com/wordpress-business-directory-plugin/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Business Directory</a> * <a href="https://www.cozmoslabs.com/wordpress-user-listing-2/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree/" rel="nofollow ugc">Member Directory</a> * Job Boards * Consultancy Services <h3>Lock Your WooCommerce Shop and Content for Members Only</h3> Take control of user access throughout your website, define users’ viewing permissions, and regulate their ability to purchase your products. You can do this based on user role or logged-in status, and you can also manage user roles and capabilities using the built-in role editor. This is ideal for: * Private Websites * <a href="https://www.cozmoslabs.com/wordpress-password-protect-post-content/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Private Content</a> * <a href="https://www.cozmoslabs.com/woocommerce-private-store/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Private WooCommerce Stores</a> * Members-Only WooCommerce Stores <h3>How to Add User Registration, Login, User Profile and Password Recovery Forms</h3> You can use the following shortcode list or available plugin blocks to quickly display the user forms on your website: <ul> <li>[wppb-register] – to register users via a front-end register form that you can customize with .</li> <li>[wppb-edit-profile] – to grant users front-end access to their user profile (requires user to be logged in).</li> <li>[wppb-login] – to add a front-end login form.</li> <li>[wppb-logout] – to add logout functionality.</li> <li>[wppb-recover-password] – to add a password recovery form.</li> <li>[wppb-restrict] Content to restrict [/wppb-restrict] – to restrict content of any type</li> </ul> <h3>Profile Builder Features</h3> <ul> <li>drag & drop to reorder user profile fields</li> <li>add Avatar Upload field for users to manage their avatar on your website</li> <li>enable Email Confirmation (on registration users will receive a notification to <a href="https://www.cozmoslabs.com/wordpress-email-confirmation/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">confirm their email address</a>)</li> <li>Email Customizer – Personalize all emails sent to your users or admins; customize default WordPress registration email</li> <li>choose between login with only Username, Email or both</li> <li>enforce <a href="https://www.cozmoslabs.com/wordpress-minimum-password-length-strength/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">WordPress password requirements</a> by setting up a minimum password length and minimum password strength (using the default WordPress password strength meter)</li> <li>assign users a specific role at registration (using [wppb-register role=”desired_role”] shortcode argument for the register form)</li> <li><a href="https://www.cozmoslabs.com/redirect-users-after-login-registration-wordpress/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">redirect users</a> after login, register and edit-profile using redirect_url shortcode argument ( e.g [wppb-login redirect_url=”www.example.com”] )</li> <li>add register and lost password links below the login form (using [wppb-login register_url=”www.example.com” lostpassword_url=”www.example.com”] shortcode arguments)</li> <li>customizable user login widget</li> <li>add a custom stylesheet/inherit values from the current theme or use the default one built into this plugin</li> <li>Admin Bar Settings: choose which user roles view the admin bar in the front-end</li> <li>extended functionality available via <a href="https://www.cozmoslabs.com/profile-builder-add-ons/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Add-ons</a></li> <li>Roles Editor: add, edit, remove or clone <a href="https://www.cozmoslabs.com/how-to-create-custom-wordpress-user-roles-with-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">user roles</a> and capabilities</li> <li><a href="https://www.cozmoslabs.com/adding-recaptcha-wordpress-register-login-lost-password-forms-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">reCAPTCHA support</a> for Profile Builder and WordPress default forms</li> <li>User Role Select field on register and edit profile forms</li> <li>Content Restriction: <a href="https://www.cozmoslabs.com/restrict-content-user-role-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">restrict content</a> based on current users role or logged in status</li> <li>Restrict WooCommerce shop page and products</li> <li>Restrict Gutenberg blocks</li> <li>Invisible reCAPTCHA support for both Profile Builder forms as well as default WordPress forms</li> <li>Private Website: setup a <a href="https://www.cozmoslabs.com/wordpress-private-site/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">WordPress private site</a> that is visible only to members or logged in users</li> <li>GDPR: collect users consent about the data you collect about them under the new <a href="https://www.cozmoslabs.com/docs/profile-builder/how-to-make-profile-builder-forms-gdpr-compliant/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">GDPR law</a> requirements</li> <li>Form Designs: enable beautiful designs for your forms fully customizable by you</li> </ul> PROFILE BUILDER PRO The <a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree#pricing" rel="nofollow ugc">Pro version</a> has the following extra features: <ul> <li>Create Extra User Fields (Hidden Input, Agree to Terms Checkbox WYSIWYG, Upload fields, International Telephone Input, User Role Select, Country Select, Timezone Select Upload, Map, HTML, Phone, Datepicker, Timepicker, Colorpicker, Custom Validation field, Currency Select, CPT Select, Taxonomy Select)</li> <li>Support for Conditional Fields</li> <li>Use AJAX for form processing</li> <li>Front-end User Listing (create fully customizable member directories, sorting included)</li> <li>Create Multiple User Listings</li> <li><a href="https://www.cozmoslabs.com/add-ons/custom-redirects/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Custom Redirects</a></li> <li>Multiple Registration Forms (set up <a href="https://www.cozmoslabs.com/add-ons/multiple-registration-forms/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">multiple registration forms</a> with different profile fields for certain user roles)</li> <li><a href="https://www.cozmoslabs.com/add-ons/multiple-edit-profile-forms/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Multiple Edit Profile Forms</a></li> <li><a href="https://www.cozmoslabs.com/add-ons/repeater-fields/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Repeater Fields</a> – add repeater fields or groups of fields to your user profile</li> <li>Admin Approval (<a href="https://www.cozmoslabs.com/approve-users-from-admin-email-using-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">approve new users from dashboard or via email</a>)</li> <li>Create a <a href="https://www.cozmoslabs.com/add-users-map-wordpress/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Map of Users Locations</a></li> <li>Add progress bars to your Edit Profile and Registration forms</li> <li>17 Premium Add-ons (e.g. custom redirects, user listing, multiple registration forms etc.)</li> <li>Access to Premium Support and Documentation</li> <li>1 Year of Plugin Updates, New Features and Priority Support</li> </ul> <a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Find out more about Profile Builder PRO</a> <h4>Add-ons</h4> For more functionality check out <a href="https://www.cozmoslabs.com/profile-builder-add-ons/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Profile Builder Add-ons page</a> Free Add-ons <ul> <li><a href="https://www.cozmoslabs.com/add-ons/gdpr-communication-preferences/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">GDPR Communication Preferences</a> – allows your users to give consent on the communication preferences</li> <li><a href="https://www.cozmoslabs.com/add-ons/custom-login-page-templates/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Custom Login Page Templates</a> – customize the default WordPress login page with your own design.</li> <li><a href="https://www.cozmoslabs.com/add-ons/client-portal/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Client Portal</a> – create private pages for your website users that only an administrator can edit.</li> <li><a href="https://www.cozmoslabs.com/add-ons/custom-css-classes-fields/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Custom CSS Classes on Fields</a> – add custom CSS classes for fields</li> <li><a href="https://www.cozmoslabs.com/add-ons/import-export/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Import and Export</a> – allows you to import and export all Profile Builder Settings data</li> <li><a href="https://www.cozmoslabs.com/add-ons/passwordless-login/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Passwordless Login</a> – allow your users to login without a password</li> <li><a href="https://www.cozmoslabs.com/add-ons/maximum-character-length/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Maximum Character Length</a> – set a maximum character length for custom input or textarea fields</li> <li><a href="https://www.cozmoslabs.com/add-ons/labels-edit/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Labels Edit</a> – easily edit all Profile Builder labels</li> </ul> Premium Add-ons <ul> <li><a href="https://www.cozmoslabs.com/add-ons/form-fields-in-columns/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Form Fields in Columns</a> – create beautiful and responsive custom form layouts by placing different fields on the same row</li> <li><a href="https://www.cozmoslabs.com/add-ons/woocommerce-sync/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">WooCommerce Sync</a> – integrates Profile Builder with <a href="https://www.cozmoslabs.com/33671-manage-woocommerce-customer-fields-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">WooCommerce</a>, allowing you to manage Shipping and Billing fields from WooCommerce with PB and <a href="https://www.cozmoslabs.com/113343-add-conditional-logic-fields-woocommerce-checkout-page/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">more</a></li> <li><a href="https://www.cozmoslabs.com/add-ons/social-connect/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Social Connect</a> – enable social login on your website, users can login with Facebook, Google, Twitter(X) or LinkedIn.</li> <li><a href="https://www.cozmoslabs.com/add-ons/multi-step-forms/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Multi-Step Forms</a> – allow users to build multi-step forms for Registration and Edit Profile forms.</li> <li><a href="https://www.cozmoslabs.com/add-ons/custom-profile-menus/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Custom Profile Menus</a> – add custom menu items like Login/Logout or just Logout button and Login/Register/Edit Profile in iFrame Popup</li> <li><a href="https://www.cozmoslabs.com/add-ons/field-visibility/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Field Visibility</a> – select which user profile fields are visible in the frontend</li> <li><a href="https://www.cozmoslabs.com/add-ons/mailchimp/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">MailChimp</a> – allow users to subscribe to your Mailchimp lists directly from the Register or Edit Profile forms</li> <li><a href="https://www.cozmoslabs.com/add-ons/campaign-monitor/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Campaign Monitor</a> – allow users to subscribe to your Campaign Monitor lists directly from the Register or Edit Profile forms</li> <li><a href="https://www.cozmoslabs.com/add-ons/mailpoet/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">MailPoet</a> – allow users to subscribe to your MailPoet lists directly from the Register and Edit Profile forms</li> <li><a href="https://www.cozmoslabs.com/add-ons/bbpress/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">bbPress</a> – allows you to integrate Profile Builder with the popular forums plugin, bbPress.</li> <li><a href="https://www.cozmoslabs.com/add-ons/buddypress/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">BuddyPress</a> – allows extending BuddyPress user profiles with Profile Builder user fields.</li> </ul> <h3>The Ultimate Membership Bundle</h3> Combine user registration, memberships, and recurring revenue in one powerful plugin bundle called the <a href="https://www.cozmoslabs.com/ultimate-membership-bundle/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Ultimate Membership Bundle</a>. Get access to <a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Profile Builder Pro</a> and <a href="https://www.cozmoslabs.com/wordpress-paid-member-subscriptions/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">Paid Member Subscriptions Pro</a> together. These two plugins are designed to work perfectly together, offering you a powerful toolkit for managing and expanding your user base while generating revenue through paid memberships and recurring revenue. <h4>Documentation</h4> Please visit the <a href="https://www.cozmoslabs.com/docs/profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">documentation page</a> for this plugin <h4>Website</h4> For more details visit our <a href="https://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree" rel="nofollow ugc">website</a> <h4>Profile Builder in your Language</h4> We’re focusing on translating Profile Builder in as many languages as we can. So far, the translations for 17 languages are almost complete, but we still need help on a lot of other languages, so please join us at <a href="https://translate.wordpress.org/projects/wp-plugins/profile-builder" rel="nofollow ugc">translate.wordpress.org</a> You will be able to download all the <a href="https://translate.wordpress.org/projects/wp

WordPress Plugin Directory

5.55M