Kitgenix Plugin Score

profile-builder

Slug: profile-builder · · 0+

Not updated in last 3 months

Overall Score

Scan this plugin to generate a full score report

--
Not Yet Scanned

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

  • Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
  • Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
  • Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
  • High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
No scan has been completed yet. Vulnerability and issue data will appear after the first scan.
  • Wordfence: June 10, 2026 7:46 am (29 minutes ago)

Actions

View on WordPress.org Download Plugin
After the first scan, this plugin will be automatically re-scanned every 30 days.
Export report: CSV JSON

Score Breakdown

Shield
Security
--
Pending Scan
W
WP.org Readiness
--
Pending Scan
Speed
Performance
--
Pending Scan
Code
Code Quality
--
Pending Scan
A11y
Accessibility
--
Pending Scan
Bug
Vulnerability Status
--
Pending Scan

Plugin Details

Scan Summary

  • Errors: 0
  • Warnings: 0
  • Notices: 0
  • Last Scanned: N/A
No scan results yet. Start the first scan to populate this summary.

Detected Issues

No issues to display yet. Run the first scan to generate findings.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability CVE Severity Status Affected Versions Patched Version Updated Source
Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes N/A LOW Closed *-3.13.8 3.13.9 2025-06-02 21:31:42 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting N/A LOW Closed *-3.12.1 3.12.2 2024-08-13 00:00:00 Wordfence
Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting N/A LOW Closed [*, 1.1.66) 1.1.66 2014-07-16 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting N/A LOW Closed *-3.12.9 3.13.0 2025-01-06 00:00:00 Wordfence
Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection N/A LOW Closed [*, 3.3.3) 3.3.3 2020-12-04 00:00:00 Wordfence
User Profile Builder <= 3.15.1 - Unauthenticated Privilege Escalation via Account Takeover N/A LOW Closed *-3.15.1 3.15.2 2026-01-12 00:00:00 Wordfence
Profile Builder < 2.5.8 - Cross-Site Scripting N/A LOW Closed [*, 2.5.8) 2.5.8 2017-03-10 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode N/A LOW Closed *-3.14.8 3.14.9 2025-11-18 16:29:27 Wordfence
Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting N/A LOW Closed *-3.4.7 3.4.8 2021-06-30 00:00:00 Wordfence
Profile Builder <= 3.4.8 - Admin Access via Password Reset N/A LOW Closed [*, 3.4.9) 3.4.9 2021-07-19 00:00:00 Wordfence
Profile Builder <= 2.4.0 - Privilege Escalation N/A LOW Closed [*, 2.4.1) 2.4.1 2016-07-07 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass N/A LOW Closed *-3.11.8 3.11.9 2024-07-10 00:00:00 Wordfence
User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update N/A LOW Closed *-3.10.8 3.10.9 2024-01-16 00:00:00 Wordfence
Profile Builder <= 3.11.2 - Restricted Email Bypass N/A LOW Closed *-3.11.2 3.11.3 2024-04-05 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting N/A LOW Closed *-3.14.3 3.14.4 2025-08-15 18:31:53 Wordfence
Profile Builder <= 2.1.3 - Missing Access Controls N/A LOW Closed *-2.1.3 2.1.4 2015-04-15 00:00:00 Wordfence
Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting N/A LOW Closed [*, 3.6.8) 3.6.8 2022-03-09 00:00:00 Wordfence
Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode N/A LOW Closed *-3.10.6 3.10.8 2024-01-05 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field N/A LOW Closed *-3.15.5 3.15.6 2026-03-30 21:39:25 Wordfence
Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery N/A LOW Closed *-3.6.4 3.6.5 2022-09-29 00:00:00 Wordfence
Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation N/A LOW Closed [*, 3.9.8) 3.9.8 2023-08-08 00:00:00 Wordfence
Profile Builder <= 3.13.8 - Unauthenticated Content Spoofing N/A LOW Closed *-3.13.8 3.13.9 2025-06-05 00:00:00 Wordfence
Profile Builder <= 3.1.0 - Privilege Escalation N/A LOW Closed [*, 3.1.1) 3.1.1 2020-02-13 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode N/A LOW Closed *-3.13.6 3.13.7 2025-04-15 12:34:28 Wordfence
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting N/A LOW Closed [*, 2.2.5) 2.2.5 2015-11-11 00:00:00 Wordfence
Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php N/A LOW Closed *-3.10.3 3.10.4 2023-11-07 00:00:00 Wordfence
Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting N/A LOW Closed [*, 2.4.2) 2.4.2 2016-07-13 00:00:00 Wordfence
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode N/A LOW Closed *-3.9.0 3.9.1 2023-02-13 00:00:00 Wordfence
Profile Builder – User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass N/A LOW Closed [*, 1.1.60) 1.1.60 2014-05-06 00:00:00 Wordfence
Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter N/A LOW Closed *-3.6.1 3.6.2 2022-02-17 00:00:00 Wordfence
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting N/A LOW Closed *-2.0.2 2.0.3 2014-10-30 00:00:00 Wordfence
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism N/A LOW Closed *-3.9.0 3.9.1 2023-02-13 00:00:00 Wordfence
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.7 - Missing Authorization to Unauthenticated Media Upload N/A LOW Closed *-3.11.7 3.11.8 2024-07-08 00:00:00 Wordfence