Lucene search

Bbpress Security Vulnerabilities

cve

CVE-2024-3293

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing.....

8.8CVSS

7.8AI Score

0.0004EPSS

2024-04-23 02:15 AM

cve

CVE-2023-51668

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through...

8.8CVSS

7.3AI Score

0.001EPSS

2024-01-05 10:15 AM

cve

CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the...

8.8CVSS

7.3AI Score

0.001EPSS

2023-12-26 07:15 PM

cve

CVE-2023-5939

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged...

7.2CVSS

7.8AI Score

0.001EPSS

2023-12-26 07:15 PM

cve

CVE-2023-34031

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12...

8.8CVSS

7.7AI Score

0.001EPSS

2023-11-09 09:15 PM

cve

CVE-2023-34032

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12...

6.1CVSS

6AI Score

0.0005EPSS

2023-08-30 03:15 PM

cve

CVE-2023-24403

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0...

4.8CVSS

4.8AI Score

0.001EPSS

2023-04-06 11:15 AM

cve

CVE-2022-45816

Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on...

5.4CVSS

5.2AI Score

0.001EPSS

2022-12-06 10:15 PM

295

cve

CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is...

9.8CVSS

9.4AI Score

0.832EPSS

2020-05-29 12:15 AM

169

cve

CVE-2020-13487

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit...

4.8CVSS

6.1AI Score

0.002EPSS

2020-05-26 02:15 PM

cve

CVE-2011-1150

bbPress through 1.0.2 has XSS in /bb-login.php url via the re...

6.1CVSS

6.5AI Score

0.001EPSS

2020-02-05 10:15 PM

cve

CVE-2011-3710

bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other...

6.9AI Score

0.003EPSS

2011-09-23 11:55 PM

cve

CVE-2007-3243

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer...

6.3AI Score

0.008EPSS

2007-06-15 01:30 AM

cve

CVE-2007-3244

SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes...

9.3AI Score

0.009EPSS

2007-06-15 01:30 AM