618 matches found
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. id: CVE-2021-21389 info: name: BuddyPress REST API 7.2.1 - Privilege Escalation/Remote Code Execution author: lotusdll severity: high descriptio...
CVE-2020-37233
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2020-37233 WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2020-37233
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2020-37233
CVE-2020-37233 affects WordPress Buddypress 6.2.0 via a persistent cross-site scripting in wp:html blocks (figure parameter). Exploitation requires moderator privileges and authenticated access; an iframe with event handlers (e.g., onload) can run when privileged users preview/view content, enabl...
EUVD-2020-31235
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2020-37233 WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
WordPress plugin Buddypress 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41433
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2018-25308
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
EUVD-2018-21829
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
CVE-2018-25308
Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...
WordPress plugin BuddyPress Xprofile Custom Fields Type 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.9...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability
Authenticated Subscriber+ Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions = 1.9.3...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...