CVE-2024-22141

2024-01-2415:15:08

CWE-200

[email protected]

web.nvd.nist.gov

cve-2024-22141

vulnerability

cozmoslabs

profile builder pro

information security

unauthorized access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.

Affected configurations

Vulners

NVD

Node

cozmoslabsprofile_builderRange≤3.10.0

VendorProductVersionCPE
cozmoslabsprofile_builder*cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cozmoslabs	profile_builder	*	cpe:2.3:a:cozmoslabs:profile_builder::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Profile Builder Pro",
    "vendor": "Cozmoslabs",
    "versions": [
      {
        "changes": [
          {
            "at": "3.10.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.10.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-totp-secret-key-exposure-vulnerability?_s_id=cve