Lucene search
K

303 matches found

CVE
CVE
added 4 days ago16 views

CVE-2026-15010

The CVE-2026-15010 entry concerns the bbp Style Pack plugin for WordPress, vulnerable to Stored Cross-Site Scripting (XSS) in versions up to and including 6.4.5 via the Topic Form Additional Fields feature. Root causes are insufficient input sanitization in bsp_topic_fields_form_save(), which wri...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-15287

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-15287

The CVE-2026-15287 entry affects the rtMedia plugin for WordPress, BuddyPress and bbPress. It describes a time-based SQL Injection via the order_by parameter in all versions up to and including 4.6.18, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Auth...

6.5CVSS6AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36982

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-40773

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.19 views

CVE-2026-40773

The CVE covers WordPress plugin rtMedia for WordPress, BuddyPress and bbPress, vulnerable in versions

6.5CVSS5.1AI score0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49417

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/21 3:21 p.m.15 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.9...

5.8AI score0.00279EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2025-53228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through = 0.41...

7.1CVSS5.5AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-53228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through = 0.41...

7.1CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.12 views

CVE-2025-53228

The CVE-2025-53228 issue affects WordPress bbpress Simple Advert Units (plugin) up to and including version 0.41. It is a Reflected Cross‑Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affected component: bbpress-simple-advert-units. Impact ...

7.1CVSS5.5AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-53228 WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through = 0.41...

7.1CVSS5.3AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.27 views

CVE-2025-53228 WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through = 0.41...

7.1CVSS0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.5 views

CVE-2026-25325

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21035

Name of the Vulnerable Software and Affected Versions bbpress Simple Advert Units versions through 0.41 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting XSS. This means that an...

7.1CVSS5.4AI score0.00263EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.11 views

WordPress plugin bbpress Simple Advert Units 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

7.1CVSS5.7AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.11 views

CVE-2026-25325

CVE-2026-25325 affects the WordPress rtMedia ecosystem: rtMedia for WordPress, BuddyPress and bbPress (buddypress-media) plugin versions up to and including 4.7.8 expose sensitive system information to an unauthorized control sphere, enabling retrieval of embedded sensitive data. The issue is roo...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25325 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.34 views

CVE-2026-25325 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

5.3CVSS0.00316EPSS
Exploits0References1
Rows per page
Query Builder