buddypress buddypress vulnerabilities and exploits
9
CVSSv2
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 prior to 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerabi...
Buddypress Buddypress
3 Github repositories
7.8
CVSSv2
CVE-2015-9455
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Incsub Buddypress-activity-plus
7.5
CVSSv2
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x prior to 1.5.5 of WordPress allows remote malicious users to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.5.1
1 EDB exploit
5
CVSSv2
CVE-2020-5244
In BuddyPress prior to 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Buddypress Buddypress
4.3
CVSSv2
CVE-2014-1888
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin prior to 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by le...
Buddypress Buddypress
Buddypress Buddypress 1.8.1
Buddypress Buddypress 1.6.3
Buddypress Buddypress 1.6.2
Buddypress Buddypress 1.5.5
Buddypress Buddypress 1.5.6
Buddypress Buddypress 1.7
Buddypress Buddypress 1.6.5
Buddypress Buddypress 1.6.4
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.7.2
Buddypress Buddypress 1.7.1
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.6.1
Buddypress Buddypress 1.8
Buddypress Buddypress 1.7.3
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.1
Buddypress Buddypress 1.5.7
Buddypress Buddypress 1.6
4
CVSSv2
CVE-2014-1889
The Group creation process in the Buddypress plugin prior to 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
Buddypress Buddypress
1 EDB exploit
4
CVSSv2
CVE-2017-6954
An issue exists in includes/component.php in the BuddyPress Docs plugin prior to 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
Buddypress Buddypress
3.5
CVSSv2
CVE-2021-24443
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin prior to 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be...
Kainelabs Youzify
1 Github repository
3.5
CVSSv2
CVE-2017-1000227
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.
Parallelus Salutation 3.0.15
2.6
CVSSv2
CVE-2013-4944
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin prior to 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote malicious users to inject arbitrary web script or HTML via the friendship_reques...
Fusedpress Buddypress-extended-frienship-request
Fusedpress Buddypress-extended-frienship-request 1.0