Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/01/01 9:12 a.m.9 views

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

6.5CVSS5.9AI score0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 8:52 a.m.3 views

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

6.5CVSS5.6AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 8:52 a.m.3 views

EUVD-2025-205914

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

6.5CVSS5.5AI score0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.6 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

8.1CVSS7.1AI score0.00715EPSS
Exploits0References1
NVD
NVD
added 2023/11/12 10:15 p.m.9 views

CVE-2023-28694

Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...

8.8CVSS0.00304EPSS
Exploits0References1
OSV
OSV
added 2023/11/12 10:15 p.m.3 views

CVE-2023-28694

Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...

8.8CVSS7.3AI score0.00304EPSS
Exploits0References1
Prion
Prion
added 2023/11/12 10:15 p.m.11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...

6.8CVSS7.5AI score0.00304EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/12 9:47 p.m.40 views

CVE-2023-28694

CVE-2023-28694 describes a CSRF vulnerability in the WordPress plugin Wbcom Designs – BuddyPress Activity Social Share, affecting versions up to 3.5.0. The issue is identified as CSRF with attacker-required user privileges, and Patchstack notes a fix in version 3.5.1. Public disclosures and entri...

8.8CVSS7.1AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/03/22 12:0 a.m.10 views

WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wbcom Designs – BuddyPress Activity Social Share Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28694 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...

8.8CVSS6.6AI score0.00304EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.6 views

WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin <= 1.9.3 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability was discovered by Mary JJ Jay in WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin versions = 1.9.3. Solution Update the WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin to the latest...

4.1AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/11/20 12:0 a.m.3 views

WordPress buddypress-activity-plus plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress buddypress-activity-plus plugin. The...

8.1CVSS6.8AI score0.00715EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 3:15 p.m.17 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

8.1CVSS8.2AI score0.00715EPSS
Exploits0References2
Prion
Prion
added 2019/10/07 3:15 p.m.13 views

Directory traversal

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

7.8CVSS7.2AI score0.00715EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/07 2:25 p.m.18 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

8.2AI score0.00715EPSS
Exploits0References2
CVE
CVE
added 2019/10/07 2:25 p.m.59 views

CVE-2015-9455

The CVE-2015-9455 issue affects the WordPress plugin buddypress-activity-plus (before 1.6.2). The vulnerability is a CSRF leading to directory traversal via the wp-admin/admin-ajax.php parameter bpfb_photos[] in the action bpfb_remove_temp_images . This can enable an attacker to traverse director...

8.1CVSS8.1AI score0.00715EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2015/07/17 12:0 a.m.18 views

WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion Vulnerabilities

Exploit for php platform in category web applications Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/07/17 12:0 a.m.43 views

WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery

Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2015/07/17 12:0 a.m.20 views

WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery

WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/07/15 12:0 a.m.23 views

WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion

Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...

0.1AI score
Exploits0
Rows per page
Query Builder