cleantalk
Vulnerabilities and Security Researches

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor, CVE-2025-15030

CVE, Research URL

CVE-2025-15030

Home page URL

Security reports for User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Application

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Published on
Feb 02, 2026
Research Description
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
Affected versions
max 3.15.2.
Status
vulnerable
Previous vulnerability researches
WP iCal Availability (CVE-2023-46607) , Jun 10, 2024
WP iCal Availability (CVE-2023-41853) , Jun 07, 2024
New vulnerability
Complianz – GDPR/CCPA Cookie Consent (CVE-2025-11185) , Feb 27, 2026
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2026-24392) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
WP Activity Log (CVE-2026-25331) , Feb 27, 2026
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026