Lucene search
K

303 matches found

Vulnrichment
Vulnrichment
added 2025/03/05 8:21 a.m.7 views

CVE-2025-1435 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation

The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...

6.3CVSS6.7AI score0.00161EPSS
Exploits0References4
CVE
CVE
added 2025/03/05 8:21 a.m.62 views

CVE-2025-1435

The CVE-2025-1435 issue affects the bbPress WordPress plugin (versions up to 2.6.11). It is a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation in bbp_user_add_role_on_register(), allowing unauthenticated attackers to elevate privileges to the Keymaster by for...

6.3CVSS6.7AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/05 8:21 a.m.26 views

CVE-2025-1435 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation

The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbpuseraddroleonregister function. This makes it possible for unauthenticated attackers to elevate their privilege...

6.3CVSS0.00161EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.7 views

WordPress plugin bbPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

6.3CVSS8.8AI score0.00161EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/03/04 10:28 p.m.4 views

WordPress bbPress plugin <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation vulnerability

Cross-Site Request Forgery to Limited Privilege Escalation vulnerability discovered by Brian Mungai in WordPress Plugin bbPress versions = 2.6.11...

6.3CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2025/02/18 7:5 p.m.6 views

WordPress: Pivilege escalation of any new user to Keymaster caused by CSRF

A vulnerability in the bbPress plugin allowed an attacker to escalate a newly registered user's forum role to bbpkeymaster without proper authentication. This occurred because bbPress failed to implement adequate CSRF protections when assigning forum roles, allowing an attacker to craft a malicio...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:50 a.m.10 views

CVE-2024-37485

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...

7.1CVSS6.9AI score0.00288EPSS
Exploits0
NVD
NVD
added 2025/01/04 10:15 a.m.7 views

CVE-2024-12221

The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/04 9:22 a.m.7 views

CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter

The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS6.4AI score0.00351EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/04 9:22 a.m.17 views

CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter

The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00351EPSS
Exploits0References3
CVE
CVE
added 2025/01/04 9:22 a.m.42 views

CVE-2024-12221

CVE-2024-12221 affects Turnkey bbPress by WeaverTheme (WordPress). It enables Reflected Cross-Site Scripting via the _wpnonce parameter in all versions

6.1CVSS6AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.5 views

WordPress plugin Turnkey bbPress by WeaverTheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS7.6AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.2 views

PT-2025-1785 · Weavertheme · Turnkey Bbpress

Name of the Vulnerable Software and Affected Versions: Turnkey bbPress by WeaverTheme plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Reflected Cross-Site Scripting via the wpnonce parameter due to insufficient input sanitization and output escaping...

6.1CVSS8.7AI score0.00351EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/01/03 10:53 p.m.3 views

WordPress Turnkey bbPress plugin <= 1.6.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Turnkey bbPress versions = 1.6.3...

6.1CVSS6.3AI score0.00351EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/13 3:15 p.m.8 views

CVE-2023-41951

Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14...

4.3CVSS0.00449EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:24 p.m.7 views

CVE-2023-41951 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.6.14...

4.3CVSS7.3AI score0.00449EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.6AI score0.00449EPSS
Exploits0References1
NVD
NVD
added 2024/11/20 5:15 a.m.11 views

CVE-2024-11278

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00377EPSS
Exploits0References3
CVE
CVE
added 2024/11/20 4:31 a.m.50 views

CVE-2024-11278

CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...

6.1CVSS6AI score0.00377EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.4 views

PT-2024-16878 · WordPress · Gd Bbpress Attachments

Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

6.1CVSS9.5AI score0.00377EPSS
Exploits0References6
Rows per page
Query Builder