14 matches found
CVE-2025-14064
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-14064 BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-14064
CVE-2025-14064 concerns BuddyTask for WordPress. The vulnerability arises from a missing capability check on multiple AJAX endpoints, affecting all versions up to and including 1.3.0. This allows authenticated attackers with Subscriber-level access or higher to view, create, modify, and delete ta...
PT-2025-50850
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
EUVD-2025-3750
Malicious code in bioql PyPI...
CVE-2025-24538
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...
CVE-2025-24538
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...
CVE-2025-24538
The CVE-2025-24538 issue is a CSRF vulnerability in the WordPress plugin slaFFik BuddyPress Groups Extras, affecting versions up to and including 3.6.10. The connected sources consistently identify this as a cross-site request forgery risk within BuddyPress Groups Extras, with no explicit public ...
CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...
CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...
WordPress plugin BuddyPress Groups Extras cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-5389 · Slaffik · Buddypress Groups Extras
Name of the Vulnerable Software and Affected Versions: slaFFik BuddyPress Groups Extras versions 3.6.10 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attac...
WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Marek Mikita in WordPress Plugin BuddyPress Groups Extras versions <= 3.6.10...
WordPress BuddyPress Groups Integration for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyPress Groups Integration for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 74e53a4d5f1c; Credits: Rafie...