Lucene search
K

300 matches found

Patchstack
Patchstack
added 2026/02/01 1:15 p.m.6 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.6 views

CVE-2025-1435

The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...

6.3CVSS6.6AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.32 views

CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.4 views

WordPress plugin rtMedia for WordPress、BuddyPress和bbPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

3.7CVSS6.3AI score0.0023EPSS
Exploits0References4
CNVD
CNVD
added 2025/10/24 12:0 a.m.7 views

WordPress bbPress Notify plugin cross-site scripting vulnerability

WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.6 views

CVE-2025-49962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.3 views

CVE-2025-49959

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...

7.1CVSS6.4AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.5 views

EUVD-2025-35499

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.4...

5.9AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 3:31 p.m.4 views

EUVD-2025-35502

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...

5.9AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.5 views

CVE-2025-49962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

7.1CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.3 views

CVE-2025-49959

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...

7.1CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-49962 WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.9 views

CVE-2025-49962 WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

7.1CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.8 views

CVE-2025-49962

The CVE-2025-49962 entry concerns the WordPress bbPress Notify plugin (bbpress-notify-nospam) with a Reflected XSS vulnerability due to improper handling/escaping of user-supplied data when generating web pages. Affected versions include bbPress Notify up to 2.19.4 (and related references indicat...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.5 views

CVE-2025-49959 WordPress bbPress Move Topics plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...

7.1CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.9 views

CVE-2025-49959

CVE-2025-49959 affects the WordPress bbPress Move Topics plugin, specifically versions &lt;= 1.1.6. The issue is a Cross-Site Scripting (XSS) vulnerability arising from improper input handling during web page generation, leading to reflected XSS. Multiple connected sources corroborate: NVD/Red Ha...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.2 views

CVE-2025-49959 WordPress bbPress Move Topics plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43220

Name of the Vulnerable Software and Affected Versions bbPress Move Topics versions through 1.1.6 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting issue. This allows for the injection of malicious...

7.1CVSS6.7AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43223

Name of the Vulnerable Software and Affected Versions bbPress Notify versions through 2.19.4 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This issue exists in t...

7.1CVSS5.8AI score0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin bbPress Notify 跨站脚本漏洞

WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Rows per page
Query Builder