5 matches found
CVE-2024-13858
creationtimestamp| type| source ---|---|--- 2025-05-02 07:16:19+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14450 2025-05-02 08:00:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7pqa6g22 2025-05-02 11:45:46+00:00| seen| https://t.me/cvedetector/24339 2025-05-02...
CVE-2024-13858
The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2024-13858
The CVE-2024-13858 entry concerns the BuddyBoss Platform plugin for WordPress and BuddyBoss Theme, affected by a Stored Cross-Site Scripting via the invitee_name parameter. Affected versions are all up to 2.8.50 (platform) and 2.8.41 (theme), with insufficient input sanitization and output escapi...
CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'
The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inviteename’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'inviteename' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...