Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
buddypress buddypress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-35746
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a up to and including 2.1.4.2.
Buddypress Cover Project Buddypress Cover
8.8
CVSSv3
CVE-2024-35726
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a up to and including 3.4.19.
Themekraft Buddypress Woocommerce My Account Integration. Create Woocommerce Member Pages
8.8
CVSSv3
CVE-2023-5931
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin prior to 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server
Rtcamp Rtmedia
8.8
CVSSv3
CVE-2023-28694
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
Wbcomdesigns Buddypress Activity Social Share
8.8
CVSSv3
CVE-2022-45074
Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions.
Areteit Activity Reactions For Buddypress
8.8
CVSSv3
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 prior to 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerabi...
Buddypress Buddypress
3 Github repositories
8.1
CVSSv3
CVE-2015-9455
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Incsub Buddypress-activity-plus
7.5
CVSSv3
CVE-2020-5244
In BuddyPress prior to 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Buddypress Buddypress
7.2
CVSSv3
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin prior to 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.
Rtcamp Rtmedia
6.5
CVSSv3
CVE-2023-47191
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Members...
Kainelabs Youzify
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »