Lucene search
+L

5 matches found

Circl
Circl
added 2025/05/02 7:16 a.m.19 views

CVE-2024-13858

creationtimestamp| type| source ---|---|--- 2025-05-02 07:16:19+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14450 2025-05-02 08:00:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7pqa6g22 2025-05-02 11:45:46+00:00| seen| https://t.me/cvedetector/24339 2025-05-02...

6.4CVSS7.8AI score0.00246EPSS
Exploits0References4
NVD
NVD
added 2025/05/02 7:15 a.m.30 views

CVE-2024-13858

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00246EPSS
Exploits0References4
CVE
CVE
added 2025/05/02 6:41 a.m.66 views

CVE-2024-13858

The CVE-2024-13858 entry concerns the BuddyBoss Platform plugin for WordPress and BuddyBoss Theme, affected by a Stored Cross-Site Scripting via the invitee_name parameter. Affected versions are all up to 2.8.50 (platform) and 2.8.41 (theme), with insufficient input sanitization and output escapi...

6.4CVSS5.5AI score0.00246EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/02 6:41 a.m.42 views

CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00246EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/05/01 10:11 p.m.8 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'inviteename' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...

6.4CVSS6.8AI score0.00246EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder