Lucene search
K

31 matches found

Patchstack
Patchstack
added 2024/03/07 12:0 a.m.16 views

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1158 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d73d2a4cbed Credits Lucio Sá Required privilege...

4.3CVSS6.5AI score0.00507EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/05/12 12:0 a.m.15 views

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 8:49 a.m.13 views

CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin = 2.7.5 versions...

4.7CVSS5.7AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2023/02/23 8:15 p.m.4 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

9.8CVSS7.4AI score0.03824EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2023/02/23 12:0 a.m.11 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

9.6AI score0.03824EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.83 views

BuddyForms < 2.7.8 - Unauthenticated PHAR Deserialization

The plugin does not validate the url parameter of its uploadimagefromurl AJAX action, which could allow unauthenticated attackers to perform PHAR deserialisation granted they an upload a file to the server and a suitable gadget chain is present as well PoC 1. Create a malicious phar file. 2...

9.8CVSS9AI score0.03824EPSS
Exploits5Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.11 views

PT-2023-20614 · WordPress · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms WordPress plugin versions prior to 2.7.8 Description: The issue is related to an unauthenticated insecure deserialization problem. An attacker could exploit this to call files using a PHAR wrapper, which deserializes data and calls...

9.8CVSS9.7AI score0.03824EPSS
Exploits5References7
NVD
NVD
added 2019/08/27 12:15 p.m.25 views

CVE-2018-21003

The buddyforms plugin before 2.2.8 for WordPress has SQL injection...

9.8CVSS10AI score0.01833EPSS
Exploits0References2
OSV
OSV
added 2019/08/27 12:15 p.m.2 views

CVE-2018-21003

The buddyforms plugin before 2.2.8 for WordPress has SQL injection...

9.8CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2019/08/27 12:15 p.m.14 views

Sql injection

The buddyforms plugin before 2.2.8 for WordPress has SQL injection...

7.5CVSS9.9AI score0.01833EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/27 11:26 a.m.28 views

CVE-2018-21003

The buddyforms plugin before 2.2.8 for WordPress has SQL injection...

10AI score0.01833EPSS
Exploits0References2
Rows per page
Query Builder