CVE-2026-7647 | Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress AJAX maybe_unserialize args deserialization

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability has been found in Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress and classified as problematic. Affected by this vulnerability is the function maybe_unserialize of the component AJAX Handler. This manipulation of the argument args causes deserialization.

This vulnerability is handled as CVE-2026-7647. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-7647 | Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress AJAX maybe_unserialize args deserialization

Post correlati

CVE-2025-57106 | Kitware VTK up to 9.5.0 vtkGLTFDocumentLoader buffer overflow

CVE-2024-28431 | DedeCMS 5.7 /dede/catalog_del.php cross-site request forgery

CVE-2024-0653 | Custom Field Template Plugin up to 2.6.1 on WordPress cross site scripting

CVE-2026-32141 | WebReflection flatted up to 3.3.x JSON Parser parse recursion (GHSA-25h7-pfq9-p65f)