WordPress BP Profile Search plugin <= 5.7.5 - Cross-Site Request Forgery to Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin BP Profile Search versions = 5.7.5...

WordPress BP Profile Search Plugin <= 4.5.3 - PHP Object Injection

This plugin is prone to a PHP object injection vulnerability. Solution Update the plugin...

BP Profile Search <= 4.5.3 - PHP Object Injection

The plugin bp-profile-search insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 4.6, information is being released now as a disclosure period has expired...