14 matches found
CVE-2025-14064
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-14064 BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-14064
CVE-2025-14064 concerns BuddyTask for WordPress. The vulnerability arises from a missing capability check on multiple AJAX endpoints, affecting all versions up to and including 1.3.0. This allows authenticated attackers with Subscriber-level access or higher to view, create, modify, and delete ta...
PT-2025-50850
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
EUVD-2025-3750
Malicious code in bioql PyPI...
CVE-2025-24538
Cross-Site Request Forgery CSRF vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through = 3.6.10...
CVE-2025-24538
Cross-Site Request Forgery CSRF vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through = 3.6.10...
CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through = 3.6.10...
CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through = 3.6.10...
CVE-2025-24538
The CVE-2025-24538 issue is a CSRF vulnerability in the WordPress plugin slaFFik BuddyPress Groups Extras, affecting versions up to and including 3.6.10. The connected sources consistently identify this as a cross-site request forgery risk within BuddyPress Groups Extras, with no explicit public ...
WordPress plugin BuddyPress Groups Extras 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-5389 · Slaffik · Buddypress Groups Extras
Name of the Vulnerable Software and Affected Versions: slaFFik BuddyPress Groups Extras versions 3.6.10 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attac...
WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Marek Mikita in WordPress Plugin BuddyPress Groups Extras versions = 3.6.10...
WordPress BuddyPress Groups Integration for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software BuddyPress Groups Integration for WooCommerce Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 74e53a4d5f1c Credits Rafie...