PT-2026-4326

Name of the Vulnerable Software and Affected Versions BuddyPress plugin for WordPress versions prior to 14.3.4 Description The BuddyPress plugin for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate input before running the do...

WordPress Buddypress Plugin Missing Authorization Vulnerability

WordPress Buddypress Plugin is an open source social networking plugin developed by Automattic the parent company of WordPress for converting WordPress websites into fully functional social platforms. WordPress Buddypress Plugin suffers from a lack of authorization vulnerability, no details of th...

CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through = 14.3.4...

CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through = 14.3.4...

WordPress BuddyPress Plugin <= 12.4.0 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Type Plugin Vulnerable versions = 12.4.0 Fixed in 12.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3974 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c936264fa18b Credits wesley wcraft Require...

CVE-2023-50880 WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1...

WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Global Search Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45755 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ca07ac6a4c1e Credits yuyudhn Required...

WordPress BuddyPress Groups Integration for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Groups Integration for WooCommerce Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 74e53a4d5f1c Credits Rafie...

WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin < 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software BuddyPress Builder for Elementor – BuddyBuilder Type Plugin Vulnerable versions 1.7.4 Fixed in 1.7.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID 0a1c78853d94 Credits WordFence...

WordPress Buddypress 1.9.1 Privilege Escalation Vulnerability

WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability. Vulnerability: Wordpress plugin Buddypress 2 Visit the url http://example.com/groups/create/step/group-details/ 3 Enjoy the power 0day.today 2018-04-01...