How severe is CVE-2023-2297?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2023-2297 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cozmoslabs User Profile Builder – Beautiful Registration Forms, Profiles & Role Editor

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, w…

EPSS: 0.006 (69.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cozmoslabs User Profile Builder – Beautiful Registration Forms, Profiles & Role Editor — versions 0

Weakness classification (CWE)

CWE-620

Public proof-of-concept exploits

20142995/nuclei-templates

References

Frequently asked questions

What is CVE-2023-2297?: CVE-2023-2297 is a critical-severity vulnerability in Cozmoslabs User Profile Builder – Beautiful Registration Forms, Profiles & Role Editor, classified under CWE-620. CVSS score: 9.8/10. Published 2023-04-26.
How severe is CVE-2023-2297?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2023-2297 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.