Lucene search
K

12 matches found

NVD
NVD
added 2026/04/29 8:16 p.m.8 views

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS0.00741EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.3 views

EUVD-2018-21829

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/06 6:26 a.m.8 views

WordPress BuddyPress Xprofile Custom Field Types plugin <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin BuddyPress Xprofile Custom Field Types versions = 1.2.8...

7.2CVSS6.8AI score0.00615EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/06 5:16 a.m.5 views

CVE-2025-14997

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00615EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/06 4:31 a.m.2 views

CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7AI score0.00615EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 4:31 a.m.21 views

CVE-2025-14997

CVE-2025-14997 affects the BuddyPress Xprofile Custom Field Types plugin for WordPress. The root cause is insufficient file-path validation in the delete_field function across versions up to 1.2.8, enabling an authenticated attacker (Subscriber+) to delete arbitrary server files (e.g., wp-config....

8.8CVSS7AI score0.00615EPSS
Exploits0References3
NVD
NVD
added 2025/08/20 8:15 a.m.2 views

CVE-2025-48158

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through = 3.0.1...

8.6CVSS0.00441EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:3 a.m.14 views

CVE-2025-48158

CVE-2025-48158 affects the WordPress plugin BuddyPress XProfile Custom Image Field (vulnerable:

8.6CVSS5.9AI score0.00441EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.3 views

WordPress plugin BuddyPress XProfile Custom Image Field 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.6CVSS6.4AI score0.00441EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.4 views

PT-2025-33917 · Unknown · Buddypress Xprofile Custom Image Field

Name of the Vulnerable Software and Affected Versions: BuddyPress XProfile Custom Image Field versions through 3.0.1 Description: This issue involves an improper limitation of a pathname to a restricted directory, also known as a path traversal. This allows an attacker to access restricted...

8.6CVSS6.3AI score0.00441EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2018/04/09 12:0 a.m.21 views

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2018/04/09 12:0 a.m.28 views

Buddypress Xprofile Custom Fields Type 2.6.3 Remote Code Execution

Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE a Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...

0.1AI score
Exploits0
Rows per page
Query Builder