303 matches found
CVE-2025-1435 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...
CVE-2025-1435
The CVE-2025-1435 issue affects the bbPress WordPress plugin (versions up to 2.6.11). It is a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation in bbp_user_add_role_on_register(), allowing unauthenticated attackers to elevate privileges to the Keymaster by for...
CVE-2025-1435 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...
WordPress plugin bbPress 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
WordPress bbPress plugin <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation vulnerability
Cross-Site Request Forgery to Limited Privilege Escalation vulnerability discovered by Brian Mungai in WordPress Plugin bbPress versions = 2.6.11...
WordPress: Pivilege escalation of any new user to Keymaster caused by CSRF
A vulnerability in the bbPress plugin allowed an attacker to escalate a newly registered user's forum role to bbpkeymaster without proper authentication. This occurred because bbPress failed to implement adequate CSRF protections when assigning forum roles, allowing an attacker to craft a malicio...
CVE-2024-37485
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-12221
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-12221
CVE-2024-12221 affects Turnkey bbPress by WeaverTheme (WordPress). It enables Reflected Cross-Site Scripting via the _wpnonce parameter in all versions
WordPress plugin Turnkey bbPress by WeaverTheme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1785 · Weavertheme · Turnkey Bbpress
Name of the Vulnerable Software and Affected Versions: Turnkey bbPress by WeaverTheme plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Reflected Cross-Site Scripting via the wpnonce parameter due to insufficient input sanitization and output escaping...
WordPress Turnkey bbPress plugin <= 1.6.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Turnkey bbPress versions = 1.6.3...
CVE-2023-41951
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14...
CVE-2023-41951 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.6.14...
WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-11278
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-11278
CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...
PT-2024-16878 · WordPress · Gd Bbpress Attachments
Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...