16 matches found
CVE-2025-62973 WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through <= 2.9.0...
CVE-2025-32151 WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...
WordPress BuddyForms plugin <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions <= 2.8.13...
WordPress BuddyForms Plugin <= 2.8.11 is vulnerable to Privilege Escalation
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.11; Fixed in: 2.8.12; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-8246; Patch priority: Medium; CVSS severity: Medium 8.8; PSID: 7556df5d8520; Credits: wesley wcraft; Required privilege...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.9; Fixed in: 2.8.10; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-5149; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5566e284be9a; Credits: István Márton; Required privilege...
WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.5; Fixed in: 2.8.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30198; Patch priority: Low; CVSS severity: Low 5.8; PSID: f21da7d6bb61; Credits: Dimas Maulana; Required privilege...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1169; Patch priority: High; CVSS severity: High 7.5; PSID: 9cb60e0ebc18; Credits: Lucio Sá; Required privilege...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1158; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2d73d2a4cbed; Credits: Lucio Sá; Required privilege...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1170; Patch priority: High; CVSS severity: High 8.2; PSID: 07e9d4cd19c1; Credits: Lucio Sá; Required privilege...
WordPress BuddyForms Anonymous Author Plugin <= 1.0-beta-1 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Anonymous Author; Type: Plugin; Vulnerable versions: <= 1.0-beta-1; Fixed in: 1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: b620f1f8e71a; Credits: Rafie Muhammad...
WordPress BuddyForms Remote Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Remote; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.0.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 11788d764e29; Credits: Rafie Muhammad Patchstack; Required...
WordPress BuddyForms Attach Post with Group Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Attach Post with Group; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 9d4312fdd8bd; Credits: Rafie Muhammad...
WordPress BuddyForms Posts 2 Posts Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Posts 2 Posts; Type: Plugin; Vulnerable versions: <= 1.0.10; Fixed in: 1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 6d47ac352bde; Credits: Rafie Muhammad Patchstack...
WordPress BuddyForms Hierarchical Posts Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Hierarchical Posts; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 0e41c8fe2c4e; Credits: Rafie Muhammad...
WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.1; Fixed in: 2.8.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25981; Patch priority: Low; CVSS severity: Low 6.5; PSID: 00a2c7a49e64; Credits: István Márton; Required...
CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions...