Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Buddyforms Security Vulnerabilities

cve
cve

CVE-2018-21003

The buddyforms plugin before 2.2.8 for WordPress has SQL injection.

9.8CVSS

9.9AI Score

0.002EPSS

2019-08-27 12:15 PM
55
cve
cve

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to ...

9.8CVSS

9.6AI Score

0.002EPSS

2023-02-23 08:15 PM
33
cve
cve

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

6.5CVSS

7.2AI Score

0.0005EPSS

2024-06-05 05:15 AM
28