Themekraft Security Vulnerabilities


CVE-2024-32830

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through...

CVSS 8.6, AI Score 6.7, EPSS 0.0004

2024-05-17 10:15 AM

CVE-2024-35726

Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through...

CVSS 8.8, AI Score 4.7, EPSS 0.001

2024-06-10 08:15 AM

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...

CVSS 6.5, AI Score 7.2, EPSS 0.0005

2024-06-05 05:15 AM

CVE-2024-32603

Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through...

CVSS 8.5, AI Score 6.8, EPSS 0.0004

2024-04-18 09:15 AM

CVE-2024-30198

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through...

CVSS 5.8, AI Score 9.3, EPSS 0.0004

2024-03-27 07:15 AM

CVE-2023-5823

Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11...

CVSS 8.8, AI Score 8.8, EPSS 0.001

2023-11-06 12:15 PM

CVE-2022-38971

Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5...

CVSS 5.4, AI Score 5.2, EPSS 0.001

2023-03-16 09:15 AM

CVE-2023-25981

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1...

CVSS 6.5, AI Score 5.2, EPSS 0.0004

2023-08-25 10:15 AM

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to....

CVSS 9.8, AI Score 9.6, EPSS 0.003

2023-02-23 08:15 PM

CVE-2018-21003

The buddyforms plugin before 2.2.8 for WordPress has SQL...

CVSS 9.8, AI Score 9.9, EPSS 0.002

2019-08-27 12:15 PM