Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
buddyboss buddyboss vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-44692
BuddyBoss Platform up to and including 1.8.0 allows remote malicious users to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphen...
Buddyboss Buddyboss
312
VMScore
CVE-2021-43334
BuddyBoss Platform up to and including 1.8.0 allows XSS via the Group Name or Group Description field.
Buddyboss Buddyboss
NA
CVE-2023-32669
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
Buddyboss Buddyboss 2.2.9
NA
CVE-2023-32670
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered w...
Buddyboss Buddyboss 2.2.9
NA
CVE-2023-32671
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an malicious user to store a malicious javascript payload via POST request when sending an invitation.
Buddyboss Buddyboss 2.2.9
312
VMScore
CVE-2018-21014
The buddyboss-media plugin up to and including 3.2.3 for WordPress has stored XSS.
Buddyboss Buddymoss Media
NA
CVE-2023-45755
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions.
Buddyboss Buddypress Global Search
NA
CVE-2023-51477
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a up to and including 2.4.60.
NA
CVE-2023-49168
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Li...
Wordplus Better Messages
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started