CVE-2024-5149
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| themekraft:buddyforms | themekraft buddyforms | le | 2.8.9 |
CNA Affected
[
{
"vendor": "svenl77",
"product": "Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.8.9",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%