CVE-2026-7647 | Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress AJAX maybe_unserialize args deserialization

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability has been found in Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress and classified as problematic. Affected by this vulnerability is the function maybe_unserialize of the component AJAX Handler. This manipulation of the argument args causes deserialization.

This vulnerability is handled as CVE-2026-7647. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-7647 | Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress AJAX maybe_unserialize args deserialization

Post correlati

CVE-2025-4307 | PHPGurukul Art Gallery Management System 1.1 add-art-medium.php artmed sql injection

CVE-2024-29042 | franciscop translate up to 2.x on Node.js opt.id input validation (GHSA-882j-4vj5-7vmj)

CVE-2025-62354 | cursor up to 1.x os command injection

CVE-2025-20016 | YS STEALTHONE D220/STEALTHONE D340/STEALTHONE D440 Web Management Page os command injection