Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
buddypress buddypress vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-5931
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin prior to 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server
Rtcamp Rtmedia
8.8
CVSSv3
CVE-2023-28694
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
Wbcomdesigns Buddypress Activity Social Share
8.8
CVSSv3
CVE-2022-45074
Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions.
Areteit Activity Reactions For Buddypress
8.8
CVSSv3
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 prior to 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerabi...
Buddypress Buddypress
3 Github repositories
8.1
CVSSv3
CVE-2015-9455
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Incsub Buddypress-activity-plus
7.5
CVSSv3
CVE-2020-5244
In BuddyPress prior to 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Buddypress Buddypress
7.2
CVSSv3
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin prior to 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.
Rtcamp Rtmedia
6.5
CVSSv3
CVE-2023-47191
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Members...
Kainelabs Youzify
6.5
CVSSv3
CVE-2014-1889
The Group creation process in the Buddypress plugin prior to 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
Buddypress Buddypress
1 EDB exploit
6.4
CVSSv3
CVE-2024-3974
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »