19 matches found
CVE-2025-62760
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...
CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...
EUVD-2025-205914
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
CVE-2023-28694
Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...
CVE-2023-28694
Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin = 3.5.0 versions...
CVE-2023-28694
CVE-2023-28694 describes a CSRF vulnerability in the WordPress plugin Wbcom Designs – BuddyPress Activity Social Share, affecting versions up to 3.5.0. The issue is identified as CSRF with attacker-required user privileges, and Patchstack notes a fix in version 3.5.1. Public disclosures and entri...
WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wbcom Designs – BuddyPress Activity Social Share Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28694 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...
WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin <= 1.9.3 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability
Arbitrary Plugin Installation, Activation and Deactivation vulnerability was discovered by Mary JJ Jay in WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin versions = 1.9.3. Solution Update the WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin to the latest...
WordPress buddypress-activity-plus plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress buddypress-activity-plus plugin. The...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
Directory traversal
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
CVE-2015-9455
The CVE-2015-9455 issue affects the WordPress plugin buddypress-activity-plus (before 1.6.2). The vulnerability is a CSRF leading to directory traversal via the wp-admin/admin-ajax.php parameter bpfb_photos[] in the action bpfb_remove_temp_images . This can enable an attacker to traverse director...
WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion Vulnerabilities
Exploit for php platform in category web applications Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report:...
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery
Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report:...
WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion
Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...