Cozmoslabs — Vulnerabilities & Security Advisories 40

Browse all 40 CVE security advisories affecting Cozmoslabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cozmoslabs operates as a software development firm specializing in mobile applications and enterprise solutions, primarily targeting Android and iOS platforms. With forty recorded Common Vulnerabilities and Exposures (CVEs), the company’s product portfolio has historically exhibited significant security deficiencies. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from inadequate input validation and improper access controls within their mobile frameworks. These issues frequently allow attackers to bypass authentication mechanisms or execute arbitrary commands on affected devices. While no single catastrophic data breach has been publicly attributed solely to Cozmoslabs, the high volume of CVEs indicates systemic weaknesses in their secure development lifecycle. The recurring nature of these vulnerabilities suggests a need for rigorous code auditing and enhanced security testing protocols to mitigate risks associated with their widely deployed software components.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7647 | Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection | Profile Builder Pro | CWE-502 | 8.1 | High | 2026-05-02 |
| CVE-2026-3139 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-639 | 4.3 | Medium | 2026-03-31 |
| CVE-2026-27413 | WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability | Profile Builder Pro | CWE-89 | 9.3 | Critical | 2026-03-19 |
| CVE-2025-68514 | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability | Paid Member Subscriptions | CWE-639 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-66074 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability | WP Webhooks | CWE-434 | 9.0 | Critical | 2025-12-18 |
| CVE-2025-66073 | WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability | WP Webhooks | CWE-502 | 7.2 | High | 2025-11-21 |
| CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-79 | 6.4 | Medium | 2025-11-19 |
| CVE-2025-58592 | WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability | TranslatePress | CWE-502 | 8.1 | High | 2025-11-06 |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-862 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability | Paid Member Subscriptions | CWE-862 | 5.3 | Medium | 2025-09-03 |
| CVE-2025-8895 | WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy | WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | CWE-22 | 9.8 | Critical | 2025-08-21 |
| CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability | Paid Member Subscriptions | CWE-98 | 7.5 | High | 2025-08-20 |
| CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-79 | 6.4 | Medium | 2025-08-16 |
| CVE-2025-49870 | WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability | Paid Member Subscriptions | CWE-89 | 7.5 | High | 2025-07-04 |
| CVE-2025-49292 | WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability | Profile Builder | CWE-1284 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-79 | 6.4 | Medium | 2025-06-03 |
| CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-79 | 6.4 | Medium | 2025-04-16 |
| CVE-2025-31088 | WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability | Paid Member Subscriptions | CWE-79 | 6.5 | Medium | 2025-03-28 |
| CVE-2025-30773 | WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability | TranslatePress | CWE-502 | 7.2 | High | 2025-03-27 |
| CVE-2024-12919 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-287 | 9.8 | Critical | 2025-01-14 |
| CVE-2024-12738 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CWE-79 | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11291 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-200 | 5.3 | Medium | 2024-12-18 |
| CVE-2024-10261 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-94 | 7.3 | High | 2024-11-09 |
| CVE-2024-9222 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-79 | 6.1 | Medium | 2024-10-02 |
| CVE-2024-5639 | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update | User Profile Picture | CWE-639 | 4.3 | Medium | 2024-06-21 |
| CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | Profile Builder | CWE-345 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-32728 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability | Paid Member Subscriptions | CWE-352 | 4.3 | Medium | 2024-04-24 |
| CVE-2023-51522 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability | Paid Member Subscriptions | CWE-352 | 4.3 | Medium | 2024-03-15 |
| CVE-2024-1389 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-862 | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1390 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | CWE-862 | 4.3 | Medium | 2024-02-20 |

This page lists every published CVE security advisory associated with Cozmoslabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.