Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.…

A blind SQL injection vulnerability has been identified in Cozmoslabs Profile Builder Pro WordPress plugin. The vulnerability is classified as CVE-2026-27413 and affects all versions from unknown starting point through version 3.13.9. The issue stems from improper neutralization of special elements used in SQL commands, allowing attackers to perform blind SQL injection attacks. This vulnerability could potentially allow attackers to extract sensitive database information or manipulate database contents. The vulnerability has been assigned a high criticality rating, indicating significant potential impact on affected systems.