Lucene search
+L

165 matches found

Vulnrichment
Vulnrichment
added 2025/05/05 7:42 p.m.15 views

CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.8AI score0.00573EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/05 7:42 p.m.23 views

CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS0.00573EPSS
Exploits0References3
CVE
CVE
added 2025/05/05 7:42 p.m.90 views

CVE-2025-1909

The CVE describes an authentication bypass in the WordPress BuddyBoss Platform Pro plugin (WordPress). Affected versions: up to and including 2.7.01. Root cause: insufficient verification on the user supplied during the Apple OAuth authentication request, allowing unauthenticated attackers to log...

9.8CVSS8.9AI score0.00573EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/05 7:42 p.m.8 views

CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS7.2AI score0.00573EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.12 views

WordPress plugin BuddyBoss Platform Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

9.8CVSS8.6AI score0.00573EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.9 views

PT-2025-19790

Name of the Vulnerable Software and Affected Versions BuddyBoss Platform Pro plugin for WordPress versions up to, and including, 2.7.01 Description The issue is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes i...

9.8CVSS7.3AI score0.00573EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/04 7:9 a.m.29 views

CVE-2024-13858

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.5AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/04 7:9 a.m.26 views

CVE-2024-13859

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/04 7:9 a.m.30 views

CVE-2024-13860

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbptopictitle’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2025/05/02 7:15 a.m.31 views

CVE-2024-13860

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbptopictitle’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2025/05/02 7:15 a.m.25 views

CVE-2024-13859

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/05/02 6:41 a.m.66 views

CVE-2024-13859

The vulnerability CVE-2024-13859 affects the BuddyBoss Platform WordPress plugin (versions up to and including 2.8.50). Root cause: insufficient input sanitization and output escaping in the bp_nouveau_ajax_media_save function, enabling authenticated attackers with Subscriber-level access or high...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/02 6:41 a.m.11 views

CVE-2024-13859 BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
OSV
OSV
added 2025/05/02 6:41 a.m.10 views

CVE-2024-13859 BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.3AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/02 6:41 a.m.37 views

CVE-2024-13859 BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/05/02 6:41 a.m.66 views

CVE-2024-13860

BuddyBoss Platform WordPress plugin

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/02 6:41 a.m.18 views

CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.5AI score0.00246EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/02 6:41 a.m.8 views

CVE-2024-13860 BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title'

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbptopictitle’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/05/02 6:41 a.m.66 views

CVE-2024-13858

The CVE-2024-13858 entry concerns the BuddyBoss Platform plugin for WordPress and BuddyBoss Theme, affected by a Stored Cross-Site Scripting via the invitee_name parameter. Affected versions are all up to 2.8.50 (platform) and 2.8.41 (theme), with insufficient input sanitization and output escapi...

6.4CVSS5.5AI score0.00246EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/02 6:41 a.m.42 views

CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00246EPSS
Exploits0References4
Rows per page
Query Builder