122 matches found

RedhatCVE
added 2025/04/06 4:35 p.m. · 8 views

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...

8.8 CVSS · 7.2 AI score · 0.00759 EPSS
Exploits 0 · References 1

OSV
added 2025/04/04 4:15 p.m. · 2 views

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15...

8.8 CVSS · 7.3 AI score · 0.00759 EPSS
Exploits 0 · References 1

NVD
added 2025/04/04 4:15 p.m. · 9 views

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...

8.8 CVSS · 0.00759 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/04/04 3:58 p.m. · 17 views

CVE-2025-32151 WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...

7.5 CVSS · 7.2 AI score · 0.00759 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/04 3:58 p.m. · 12 views

CVE-2025-32151 WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...

7.5 CVSS · 0.00759 EPSS
Exploits 0 · References 1

CVE
added 2025/04/04 3:58 p.m. · 62 views

CVE-2025-32151

CVE-2025-32151 affects the BuddyForms WordPress plugin (vulnerable range up to 2.8.15; later entries note 2.8.17 as affected). The issue is an improper control of the filename used in PHP Include/Require leading to Local File Inclusion (LFI). Exploitation requires authentication (Authenticated as...

8.8 CVSS · 7.2 AI score · 0.00759 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/04/04 1:23 p.m. · 5 views

WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin BuddyForms versions <= 2.9.0...

8.8 CVSS · 8.4 AI score · 0.00759 EPSS
Exploits 0 · Affected Software 1

CNNVD
added 2025/04/04 12:0 a.m. · 3 views

WordPress plugin BuddyForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS · 7.9 AI score · 0.00759 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/04 12:0 a.m. · 4 views

PT-2025-14937 · Unknown · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.15 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...

7.5 CVSS · 7.9 AI score · 0.00759 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/02/22 12:0 a.m. · 4 views

PT-2025-7328 · WordPress · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms plugin for WordPress versions up to, and including, 2.8.15 Description: The BuddyForms plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping on...

6.4 CVSS · 8.2 AI score · 0.00222 EPSS
Exploits 0 · References 9

CNNVD
added 2025/02/22 12:0 a.m. · 3 views

WordPress plugin BuddyForms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

6.4 CVSS · 8.2 AI score · 0.00222 EPSS
Exploits 0 · References 3

Patchstack
added 2025/02/21 9:49 p.m. · 7 views

WordPress Frontend Content Forms for User Submissions (UGC) plugin <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions <= 2.8.15...

6.4 CVSS · 5.8 AI score · 0.00222 EPSS
Exploits 0 · References 1 · Affected Software 1

GithubExploit
added 2025/02/12 3:31 p.m. · 570 views

Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms

usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...

9.8 CVSS · 7.4 AI score · 0.8833 EPSS
Exploits 18

RedhatCVE
added 2025/02/05 6:55 a.m. · 2 views

CVE-2024-32830

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8...

8.6 CVSS · 6.9 AI score · 0.00583 EPSS
Exploits 1 · References 1

GithubExploit
added 2025/02/04 1:34 p.m. · 622 views

Exploit for CVE-2024-2961

Buddyforms 2.7.7 CNEXT RCE Abusing CVE-2024-2961 and CVE-2023...

9.8 CVSS · 7.5 AI score · 0.8833 EPSS
Exploits 18

GithubExploit
added 2025/02/02 1:35 a.m. · 501 views

Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms

Exploit BuddyForms CVE-2023-26326 using Iconv CVE-2024-2961...

9.8 CVSS · 7.4 AI score · 0.8833 EPSS
Exploits 18

Patchstack
added 2025/01/31 10:38 p.m. · 2 views

WordPress BuddyForms plugin <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions <= 2.8.13...

6.4 CVSS · 5.7 AI score · 0.00224 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/10/05 4:15 p.m. · 1 views

CVE-2024-47377

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeKraft BuddyForms allows Stored XSS.This issue affects BuddyForms: from n/a through 2.8.12...

5.4 CVSS · 5.8 AI score · 0.00254 EPSS
Exploits 0 · References 1

NVD
added 2024/10/05 4:15 p.m. · 21 views

CVE-2024-47377

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themekraft BuddyForms buddyforms allows Stored XSS. This issue affects BuddyForms: from n/a through <= 2.8.12...

5.9 CVSS · 0.00254 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/10/05 3:12 p.m. · 19 views

CVE-2024-47377 WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeKraft BuddyForms allows Stored XSS.This issue affects BuddyForms: from n/a through 2.8.12...

5.9 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 0 · References 1