BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution

WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. id: CVE-2021-21389 info: name: BuddyPress REST API 7.2.1 - Privilege Escalation/Remote Code Execution author: lotusdll severity: high descriptio...

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

WordPress plugin Buddypress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

WordPress Plugin BuddyPress Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2023-49168

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo...

CVE-2025-23798

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS.This issue affects Mass Messaging in BuddyPress: from n/a through = 2.2.1...

PT-2025-43825

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

EUVD-2025-35386

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through = 14.3.4...

WordPress plugin BuddyPress 安全漏洞

WordPress Buddypress Plugin is an open source social networking plugin developed by Automattic the parent company of WordPress for converting WordPress websites into fully functional social platforms. WordPress Buddypress Plugin suffers from a lack of authorization vulnerability, no details of th...

EUVD-2017-1496

Malware in sbrugna...

EUVD-2024-51559

Malicious code in bioql PyPI...

EUVD-2025-3360

Malicious code in bioql PyPI...

EUVD-2024-43510

Malicious code in bioql PyPI...

EUVD-2023-32337

Malicious code in bioql PyPI...

EUVD-2022-34396

Malicious code in bioql PyPI...

EUVD-2025-3430

Malicious code in bioql PyPI...

EUVD-2025-13788

Malicious code in bioql PyPI...

EUVD-2025-11645

Malicious code in bioql PyPI...

EUVD-2025-25374

Malicious code in bioql PyPI...