17 matches found
EUVD-2024-32540
Malicious code in bioql PyPI...
EUVD-2024-34407
Malicious code in bioql PyPI...
EUVD-2024-32862
Malicious code in bioql PyPI...
EUVD-2023-55613
Malicious code in bioql PyPI...
CVE-2023-50880
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1...
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...
CVE-2025-31006
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in arete-it Activity Reactions For Buddypress activity-reactions-for-buddypress allows Reflected XSS. This issue affects Activity Reactions For Buddypress: from n/a through = 1.0.22...
CVE-2024-13358
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...
CVE-2024-13358
CVE-2024-13358 affects the BuddyPress WooCommerce My Account Integration (WC4BP) plugin for WordPress, with all versions up to 3.4.24 vulnerable to unauthorized access due to a missing capability check in wc4bp_delete_page(), allowing authenticated attackers with Subscriber-level access or higher...
CVE-2025-23771
CVE-2025-23771 describes a Missing Authorization vulnerability in the WordPress plugin Push Notification for Post and BuddyPress (Murali Push Notification for Post and BuddyPress). Affected versions are from n/a through 2.11. The issue stems from incorrectly configured access control levels, enab...
CVE-2020-5244
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
CVE-2024-13370
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saveaddonkeylicense function in all versions up to, and including, 1.3.3. This makes it possible fo...
CVE-2025-23798
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through = 2.2.1...
PT-2025-5098 · Unknown +1 · Buddypress +1
Name of the Vulnerable Software and Affected Versions: Eliott Robson Mass Messaging in BuddyPress versions n/a through 2.2.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means an attacke...
WordPress plugin Push Notification for Post and BuddyPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-50880
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1...
WordPress security vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. BuddyPress has a security vulnerability prior to 5.0.0 and 7.2.1 that can be exploited by an attacke...