122 matches found
CVE-2024-47377
CVE-2024-47377 is a stored XSS in WordPress BuddyForms plugin versions up to 2.8.12 caused by improper neutralization of input during web page generation. Affected product: BuddyForms (WordPress plugin); vulnerable component/version range corresponds to 2.x releases before 2.8.13. Public sources ...
CVE-2024-47377 WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themekraft BuddyForms buddyforms allows Stored XSS. This issue affects BuddyForms: from n/a through <= 2.8.12...
WordPress plugin BuddyForms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-32595 · Unknown · Buddyforms
Name of the Vulnerable Software and Affected Versions: BuddyForms versions through 2.8.12. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks, enabling malicious code injection...
WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin BuddyForms versions <= 2.8.12...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.12; Fixed in: 2.8.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47377; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 9418faef5fbf; Credits: SOPROBRO; Required privilege: Editor...
WordPress BuddyForms plugin <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation vulnerability
Authenticated Contributor+ Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin BuddyForms versions <= 2.8.11...
WordPress BuddyForms Plugin <= 2.8.11 is vulnerable to Privilege Escalation
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.11; Fixed in: 2.8.12; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-8246; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: 7556df5d8520; Credits: wesley wcraft; Required privilege...
BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
Description The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
CVE-2024-5149
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
WordPress BuddyForms plugin <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness vulnerability
Email Verification Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin BuddyForms versions <= 2.8.9...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.9; Fixed in: 2.8.10; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-5149; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 5566e284be9a; Credits: István Márton; Required privilege...
CVE-2024-32830
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8...
CVE-2024-32830
CVE-2024-32830 affects WordPress BuddyForms plugin. The issue is an improper pathname limitation (Path Traversal) that enables Server-Side Request Forgery and Arbitrary File Read for BuddyForms versions up to and including 2.8.8. Exploitation details are not provided in the connected documents. I...
CVE-2024-32830 WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8...
WordPress plugin BuddyForms path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2024-24906 · Unknown · Buddyforms
Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.8. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows Server Side Request Forgery and Relative Path Traversal...