BuddyPress Security Vulnerabilities


CVE-2012-2109

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.

8.7 AI Score

0.002 EPSS

2012-09-04 08:55 PM

CVE-2014-1888

Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-188...

5.9 AI Score

0.01 EPSS

2014-03-01 12:01 AM

CVE-2014-1889

The Group creation process in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

6.5 CVSS

6.3 AI Score

0.01 EPSS

2018-04-10 03:29 PM

CVE-2017-6954

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.

4.3 CVSS

4.4 AI Score

0.001 EPSS

2017-03-17 09:59 AM

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.

8 CVSS

7.4 AI Score

0.002 EPSS

2020-02-24 06:15 PM

CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in Bud...

8.8 CVSS

8.4 AI Score

0.824 EPSS

2021-03-26 09:15 PM

CVE-2023-50880

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1.

6.5 CVSS

5.8 AI Score

0.0004 EPSS

2023-12-29 12:15 PM

CVE-2024-3974

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions a...

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-14 03:42 PM

CVE-2024-4892

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permission...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-06-12 02:15 AM