Ctrl + K
/ news / CVE
CVEPublished 2023-04-27Modified 2026-04-081 article on news7 live referencesNVD data

CVE-2023-2297Cozmoslabs · Profile_builder

Vulnerability data via NVD (ingested)

CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
47
Exploit Prediction Scoring System · top 53% of all CVEs
Weaknesses (CWE)
CWE-620Unverified Password ChangeCWE-287Improper Authentication
Description

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.

Timeline
Published 2023-04-27
Modified 2026-04-08

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2023-2297
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · WP plugin path
http.html:"/wp-content/plugins/profile-builder/"
Matches any site loading the "profile-builder" plugin — doesn't rely on Shodan's vuln tag.
Shodan · product
product:"Cozmoslabs Profile Builder"
All exposed Cozmoslabs Profile Builder instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Profile Builder"
HTTP body or banner mentions "Profile Builder" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2023-2297
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2023-2297
Censys host search filtered to this CVE id.
grep.app
CVE-2023-2297
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2023-2297
GitHub code search for direct mentions.
Google dork
"CVE-2023-2297" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (3)

CVE-2023-22973 repos
hoilc/scoop-lemonPowerShell
🍋Yet Another Personal Bucket for Scoop
★ 239·updated today
ssrg-vt/FoxDecHTML
Formally verified x86-64 decompilation
★ 49·updated 1w ago
hiifong/starListPython
Export your star's repository list
★ 18·updated today
Articles on news mentioning CVE-2023-2297