Buddyboss Platform@2.8.50 Security Vulnerabilities and Issues — Buddyboss Platform@2.8.50 CVE List

Lucene search

BuddybossBuddyboss Platform2.8.50

3 matches found

CVE•added 2025/05/02 7:15 a.m.•49 views

CVE-2024-13859

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Su...

6.4CVSS5.8AI score0.00021EPSS

CVE•added 2025/05/02 7:15 a.m.•49 views

CVE-2024-13860

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-l...

6.4CVSS5.8AI score0.00021EPSS

CVE•added 2025/05/02 7:15 a.m.•45 views

CVE-2024-13858

The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.5AI score0.00022EPSS