12 matches found
CVE-2018-25308
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
EUVD-2018-21829
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
WordPress BuddyPress Xprofile Custom Field Types plugin <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin BuddyPress Xprofile Custom Field Types versions <= 1.2.8...
CVE-2025-14997
The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14997
CVE-2025-14997 affects the BuddyPress Xprofile Custom Field Types plugin for WordPress. The root cause is insufficient file-path validation in the delete_field function across versions up to 1.2.8, enabling an authenticated attacker (Subscriber+) to delete arbitrary server files (e.g., wp-config....
CVE-2025-48158
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1...
CVE-2025-48158
CVE-2025-48158 affects the WordPress plugin BuddyPress XProfile Custom Image Field (vulnerable:
WordPress plugin BuddyPress XProfile Custom Image Field path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-33917 · Unknown · Buddypress Xprofile Custom Image Field
Name of the Vulnerable Software and Affected Versions: BuddyPress XProfile Custom Image Field versions through 3.0.1 Description: This issue involves an improper limitation of a pathname to a restricted directory, also known as a path traversal. This allows an attacker to access restricted...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
Buddypress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...