CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

159 matches found

Patchstack•added 2026/01/30 1:43 a.m.•6 views

WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability

Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions 2.6.0...

4.3CVSS5.9AI score0.00158EPSS

Exploits2References1Affected Software1

RedhatCVE•added 2026/01/09 9:29 a.m.•7 views

CVE-2023-49168

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo...

6.5CVSS6.7AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:27 a.m.•5 views

CVE-2023-45755

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in BuddyBoss BuddyPress Global Search plugin = 1.2.1 versions...

5.9CVSS5.6AI score0.00148EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:11 a.m.•15 views

CVE-2025-1909

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.8AI score0.0103EPSS

Exploits0References1

Patchstack•added 2025/12/31 12:0 a.m.•2 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bpnouveauajaxmediasave' function vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...

6.4CVSS5.3AI score0.00122EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbptopictitle' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...

6.4CVSS5.3AI score0.00122EPSS

Exploits0References1Affected Software1