Impact
This vulnerability is an unauthenticated cross‑site scripting flaw in the WordPress Profile Builder Pro plugin versions 3.15.0 and earlier.
Affected Systems
Cozmoslabs' Profile Builder Pro plugin for WordPress, versions 3.15.0 and older.
Risk and Exploitability
The CVSS score of 7.1 indicates high severity. EPSS is not available and the vulnerability is not listed in CISA's KEV catalog. The description indicates the attack vector is unauthenticated; any user who visits a page using the vulnerable fields could be targeted without needing special credentials.
OpenCVE Enrichment