Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/01/07 9:18 a.m.10 views

CVE-2025-1780

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

4.3CVSS6.5AI score0.00248EPSS
Exploits0References1
nvd
nvd
added 2025/03/01 4:15 a.m.19 views

CVE-2025-1780

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

4.3CVSS0.00248EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/03/01 3:22 a.m.9 views

CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

4.3CVSS4.4AI score0.00248EPSS
Exploits0References2
cvelist
cvelist
added 2025/03/01 3:22 a.m.32 views

CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

4.3CVSS0.00248EPSS
Exploits0References2
cve
cve
added 2025/03/01 3:22 a.m.83 views

CVE-2025-1780

CVE-2025-1780 : BuddyPress WooCommerce My Account Integration (WordPress plugin) suffers unauthorized access due to a missing capability check in wc4bp_delete_page() across versions up to 3.4.25, enabling authenticated users with Subscriber level and above to update the plugin settings. The vulne...

4.3CVSS6.6AI score0.00248EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder