top of page
perceptive_background_267k.jpg

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.…

Published:

18 March 2026 at 23:00:00

Alert date:

19 March 2026 at 07:01:54

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

A blind SQL injection vulnerability has been identified in Cozmoslabs Profile Builder Pro WordPress plugin. The vulnerability is classified as CVE-2026-27413 and affects all versions from unknown starting point through version 3.13.9. The issue stems from improper neutralization of special elements used in SQL commands, allowing attackers to perform blind SQL injection attacks. This vulnerability could potentially allow attackers to extract sensitive database information or manipulate database contents. The vulnerability has been assigned a high criticality rating, indicating significant potential impact on affected systems.

Technical details

Mitigation steps:

Affected products:

Cozmoslabs Profile Builder Pro

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-27413
https://patchstack.com/database/wordpress/plugin/profile-builder-pro/vulnerability/wordpress-profile-builder-pro-plugin-3-13-9-sql-injection-vulnerability?_s_id=cve

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page