Cross-site scripting (XSS) vulnerability in the BuddyPress plugin prior to 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
buddypress buddypress |
||
buddypress buddypress 1.8.1 |
||
buddypress buddypress 1.6.3 |
||
buddypress buddypress 1.6.2 |
||
buddypress buddypress 1.5.5 |
||
buddypress buddypress 1.5.6 |
||
buddypress buddypress 1.7 |
||
buddypress buddypress 1.6.5 |
||
buddypress buddypress 1.6.4 |
||
buddypress buddypress 1.5.3.1 |
||
buddypress buddypress 1.5.4 |
||
buddypress buddypress 1.7.2 |
||
buddypress buddypress 1.7.1 |
||
buddypress buddypress 1.5.2 |
||
buddypress buddypress 1.5.3 |
||
buddypress buddypress 1.6.1 |
||
buddypress buddypress 1.8 |
||
buddypress buddypress 1.7.3 |
||
buddypress buddypress 1.5 |
||
buddypress buddypress 1.5.1 |
||
buddypress buddypress 1.5.7 |
||
buddypress buddypress 1.6 |