Buddypress Security Vulnerabilities and Issues — Buddypress CVE List

Lucene search

BuddypressBuddypress

3 matches found

CVE•added 2024/05/14 3:42 p.m.•55 views

CVE-2024-3974

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions a...

6.4CVSS5.7AI score0.00147EPSS

CVE•added 2024/06/12 2:15 a.m.•45 views

CVE-2024-4892

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permission...

6.4CVSS5.9AI score0.00281EPSS

CVE•added 2024/10/25 7:15 a.m.•39 views

CVE-2024-10011

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended dire...

8.1CVSS7.9AI score0.00666EPSS