122 matches found
WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability
WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin BuddyForms versions <= 2.8.8...
WordPress BuddyForms Plugin <= 2.8.8 is vulnerable to Arbitrary File Download
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.8; Fixed in: 2.8.9; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Download; CVE: CVE-2024-32830; Patch priority: High; CVSS severity: High (8.6); PSID: df4ae0005bef; Credits: Yudistira Arya; Required privilege...
BuddyForms < 2.8.6 - Reflected Cross-Site Scripting via page
Description The BuddyForms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-30198
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5...
CVE-2024-30198 WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5...
CVE-2024-30198
Technical details for CVE-2024-30198 are not publicly available in the provided documents. No affected product versions, root cause, or remediation are specified here. Monitor for official disclosures or vendor advisories for confirmed remediation.
WordPress Plugin BuddyForms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-23246 · Unknown · Buddyforms
Name of the Vulnerable Software and Affected Versions: BuddyForms versions prior to 2.8.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables an attacker to inject malicious...
WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.5; Fixed in: 2.8.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30198; Patch priority: Low; CVSS severity: Low (5.8); PSID: f21da7d6bb61; Credits: Dimas Maulana; Required privilege...
CVE-2024-1158
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...
WordPress Plugin Post Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2024-1169
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyformsuploadhandledroppedmedia function in all versions up to, and...
WordPress Plugin buddyforms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1169; Patch priority: High; CVSS severity: High (7.5); PSID: 9cb60e0ebc18; Credits: Lucio Sá; Required privilege...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1158; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2d73d2a4cbed; Credits: Lucio Sá; Required privilege...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1170; Patch priority: High; CVSS severity: High (8.2); PSID: 07e9d4cd19c1; Credits: Lucio Sá; Required privilege...
PT-2024-17195 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions
Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress versions up to, and including, 2.8.7 Description: The issue is related to a missing capability check on...
BuddyForms Plugin for WordPress < 2.7.8 Insecure Deserialization
The WordPress BuddyForms Plugin installed on the remote host is affected by an unauthenticated insecure deserialization in the function buddyformsuploadimagefromurl which allowed for the deserialization of untrusted input via the url parameter. Note that the scanner has not tested for these issue...