Lucene search
+L

654 matches found

cve
cve
added 2012/09/04 8:0 p.m.47 views

CVE-2012-2109

The CVE-2012-2109 entry relates to a SQL injection in the BuddyPress WordPress plugin (1.5.x before 1.5.5) triggered via the page parameter in an activity_widget_filter action. Affected component is BuddyPress plugin for WordPress; root cause is unsafely constructed SQL from user-controllable inp...

7.5CVSS8.7AI score0.03459EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2012/09/04 8:0 p.m.23 views

CVE-2012-2109

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activitywidgetfilter action...

8.4AI score0.03459EPSS
Exploits1References6
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.46 views

SQL injection in Wordpress plugin Buddypress

Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST messag...

0.4AI score
Exploits0
packetstorm
packetstorm
added 2012/04/04 12:0 a.m.26 views

WordPress Buddypress SQL Injection

Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST messag...

Exploits0
myhack58
myhack58
added 2012/04/01 12:0 a.m.19 views

Wordpress plugin Buddypress remote SQL injection and fix-vulnerability warning-the black bar safety net

Title: Buddypress plugin of Wordpress remote SQL Injection Author: Ivan Terkin Type: Remote Exploit Vulnerability: Remote SQL Injection Software download address: buddypress.org Affects versions: 1.5.5 and below Test platform: Buddypress 1.5.4 POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host:...

1.2AI score
Exploits0
zdt
zdt
added 2012/03/31 12:0 a.m.33 views

Wordpress BuddyPress plugin SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress 1.5.4 PO...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/03/31 12:0 a.m.8 views

WordPress Plugin BuddyPress Plugin 1.5.x 1.5.5 - SQL Injection

WordPress Plugin BuddyPress Plugin 1.5.x 1.5.5 - SQL Injection Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress...

0.4AI score
Exploits0
exploitdb
exploitdb
added 2012/03/31 12:0 a.m.34 views

WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection

Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress 1.5.4 POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host:...

7.4AI score
Exploits0
patchstack
patchstack
added 2012/03/31 12:0 a.m.20 views

WordPress BuddyPress Plugin 1.5.5 - Remote SQL Injection

Buddypress plugin is prone to Remote SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...

7.5CVSS3.5AI score0.03459EPSS
Exploits1References1Affected Software1
wpvulndb
wpvulndb
added 2012/03/31 12:0 a.m.20 views

Buddypress <= 1.5.4 - SQL Injection

The BuddyPress WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.2AI score0.03459EPSS
Exploits1References1Affected Software1
exploitdb
exploitdb
added 2011/09/26 12:0 a.m.21 views

WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection

source: https://www.securityfocus.com/bid/49765/info Multiple products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victi...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/09/26 12:0 a.m.18 views

WordPress Plugin BuddyPress 1.2.10 WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection

WordPress Plugin BuddyPress 1.2.10 WordPress Theme DEV Blogs Mu 1.2.6 WordPress 3.1.4 - Regular Subscriber HTML Injection source: https://www.securityfocus.com/bid/49765/info Multiple products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied...

7.6AI score
Exploits0
patchstack
patchstack
added 2011/09/26 12:0 a.m.11 views

WordPress BuddyPress Plugin 1.2.10 - HTML Injection Vulnerability

BuddyPress plugin is prone to an HTML-injection vulnerability because of failure to sufficiently clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser in the context of the affected websites. In this way an attacker can steal cookie-based authenticati...

1.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.138 views

HTB22955: Path disclosure in BuddyPress WordPress plugin

Vulnerability ID: HTB22955 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbuddypresswordpressplugin.html Product: BuddyPress Vendor: BuddyPress http://buddypress.org/ Vulnerable Version: 1.2.8 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credi...

7AI score
Exploits0
Rows per page
Query Builder