31 matches found
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1158 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d73d2a4cbed Credits Lucio Sá Required privilege...
WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...
CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin = 2.7.5 versions...
CVE-2023-26326
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...
CVE-2023-26326
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...
BuddyForms < 2.7.8 - Unauthenticated PHAR Deserialization
The plugin does not validate the url parameter of its uploadimagefromurl AJAX action, which could allow unauthenticated attackers to perform PHAR deserialisation granted they an upload a file to the server and a suitable gadget chain is present as well PoC 1. Create a malicious phar file. 2...
PT-2023-20614 · WordPress · Buddyforms
Name of the Vulnerable Software and Affected Versions: BuddyForms WordPress plugin versions prior to 2.7.8 Description: The issue is related to an unauthenticated insecure deserialization problem. An attacker could exploit this to call files using a PHAR wrapper, which deserializes data and calls...
CVE-2018-21003
The buddyforms plugin before 2.2.8 for WordPress has SQL injection...
CVE-2018-21003
The buddyforms plugin before 2.2.8 for WordPress has SQL injection...
Sql injection
The buddyforms plugin before 2.2.8 for WordPress has SQL injection...
CVE-2018-21003
The buddyforms plugin before 2.2.8 for WordPress has SQL injection...