85 matches found
WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability
Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions < 2.6.0...
CVE-2025-1909
The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions <= 2.8.50...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions <= 2.8.50...
EUVD-2021-31508
Malicious code in bioql PyPI...
EUVD-2024-54443
Malicious code in bioql PyPI...
EUVD-2024-54444
Malicious code in bioql PyPI...
EUVD-2023-36914
Malicious code in bioql PyPI...
EUVD-2025-13435
Malicious code in bioql PyPI...
EUVD-2024-54442
Malicious code in bioql PyPI...
EUVD-2024-53948
Malicious code in bioql PyPI...
CVE-2021-43334
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field...
WordPress BuddyBoss platform plugin < 2.7.60 - Private Comment Exposure via IDOR vulnerability
Private Comment Exposure via IDOR vulnerability discovered by Faris Krivi in WordPress Plugin Buddyboss Platform versions < 2.7.60...
CVE-2024-12767
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...
CVE-2024-12767 BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...
PT-2025-21442 · WordPress · Buddyboss Platform
Name of the Vulnerable Software and Affected Versions: buddyboss-platform versions prior to 2.7.60. Description: The issue is related to improper access controls in the buddyboss-platform WordPress plugin, allowing a logged-in user to view comments on private posts. Recommendations: For versions...
WordPress plugin buddyboss-platform security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-1909
The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...