Vulmon
bbpress vulnerabilities and exploits
4.8
CVSSv3
CVE-2020-13487
The bbPress plugin up to and including 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?a...
Bbpress Bbpress
9.8
CVSSv3
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin prior to 2.6.5 for WordPress when New User Registration is enabled.
Bbpress Bbpress
6.1
CVSSv3
CVE-2011-1150
bbPress up to and including 1.0.2 has XSS in /bb-login.php url via the re parameter.
Bbpress Bbpress
NA
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress prior to 0.8.1 might allow remote malicious users to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
Bbpress Bbpress 0.8
NA
CVE-2011-3710
bbPress 1.0.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
Bbpress Bbpress 1.0.2
NA
CVE-2007-3243
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote malicious users to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
Bbpress Bbpress 0.8.1
1 EDB exploit
9.8
CVSSv3
CVE-2018-21005
The bbp-move-topics plugin prior to 1.1.6 for WordPress has code injection.
Bbpress Move Topics Project Bbpress Move Topics
8.8
CVSSv3
CVE-2018-21006
The bbp-move-topics plugin prior to 1.1.6 for WordPress has CSRF.
Bbpress Move Topics Project Bbpress Move Topics
8.8
CVSSv3
CVE-2023-34031
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
Casier Bbpress Toolkit
6.1
CVSSv3
CVE-2023-34032
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
Casier Bbpress Toolkit