300 matches found
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...
CVE-2025-1435
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...
CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...
WordPress plugin rtMedia for WordPress、BuddyPress和bbPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress bbPress Notify plugin cross-site scripting vulnerability
WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...
CVE-2025-49962
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...
CVE-2025-49959
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...
EUVD-2025-35499
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.4...
EUVD-2025-35502
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...
CVE-2025-49962
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...
CVE-2025-49959
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...
CVE-2025-49962 WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...
CVE-2025-49962 WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...
CVE-2025-49962
The CVE-2025-49962 entry concerns the WordPress bbPress Notify plugin (bbpress-notify-nospam) with a Reflected XSS vulnerability due to improper handling/escaping of user-supplied data when generating web pages. Affected versions include bbPress Notify up to 2.19.4 (and related references indicat...
CVE-2025-49959 WordPress bbPress Move Topics plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...
CVE-2025-49959
CVE-2025-49959 affects the WordPress bbPress Move Topics plugin, specifically versions <= 1.1.6. The issue is a Cross-Site Scripting (XSS) vulnerability arising from improper input handling during web page generation, leading to reflected XSS. Multiple connected sources corroborate: NVD/Red Ha...
CVE-2025-49959 WordPress bbPress Move Topics plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through = 1.1.6...
PT-2025-43220
Name of the Vulnerable Software and Affected Versions bbPress Move Topics versions through 1.1.6 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting issue. This allows for the injection of malicious...
PT-2025-43223
Name of the Vulnerable Software and Affected Versions bbPress Notify versions through 2.19.4 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This issue exists in t...
WordPress plugin bbPress Notify 跨站脚本漏洞
WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...