11 matches found
CVE-2024-32830
CVE-2024-32830 affects WordPress BuddyForms plugin. The issue is an improper pathname limitation (Path Traversal) that enables Server-Side Request Forgery and Arbitrary File Read for BuddyForms versions up to and including 2.8.8. Exploitation details are not provided in the connected documents. I...
CVE-2023-26326
CVE-2023-26326 affects the BuddyForms WordPress plugin, versions before 2.7.8. The vulnerability is an unauthenticated insecure deserialization due to how buddyforms_upload_image_from_url handles input, permitting a PHAR wrapper to deserialize data and invoke arbitrary PHP objects. This can enabl...
CVE-2025-32151
CVE-2025-32151 affects the BuddyForms WordPress plugin (vulnerable range up to 2.8.15; later entries note 2.8.17 as affected). The issue is an improper control of the filename used in PHP Include/Require leading to Local File Inclusion (LFI). Exploitation requires authentication (Authenticated as...
CVE-2018-21003
The CVE-2018-21003 entry concerns the WordPress BuddyForms plugin prior to version 2.2.8, which is vulnerable to SQL injection. The affected component is the BuddyForms plugin (WordPress integration); root cause reported is SQL injection. Impact is described in the initial data as high severity (...
CVE-2024-1158
The CVE-2024-1158 entry concerns the WordPress plugin BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions). All versions up to 2.8.7 are affected due to a missing capability check in buddyforms_new_page, enabling authenticated u...
CVE-2024-47377
CVE-2024-47377 is a stored XSS in WordPress BuddyForms plugin versions up to 2.8.12 caused by improper neutralization of input during web page generation. Affected product: BuddyForms (WordPress plugin); vulnerable component/version range corresponds to 2.x releases before 2.8.13. Public sources ...
CVE-2024-8246
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress (BuddyForms) has a privilege-escalation vulnerability in all versions up to and including 2.8.11. The root cause is inadequate restriction of what users can ...
CVE-2024-12038
CVE-2024-12038 is a stored XSS vulnerability in the WordPress plugin Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (BuddyForms). The issue arises from insufficient input sanitization and output escaping for attributes in the bud...
CVE-2024-30198
Technical details for CVE-2024-30198 are not publicly available in the provided documents. No affected product versions, root cause, or remediation are specified here. Monitor for official disclosures or vendor advisories for confirmed remediation.
CVE-2024-5149
The vulnerability CVE-2024-5149 affects the BuddyForms WordPress plugin (all versions up to and including 2.8.9). It enables an Email Verification Bypass due to an insufficiently random activation code, allowing unauthenticated attackers to bypass email verification. Wordfence reports this issue ...
CVE-2025-62973
CVE-2025-62973 is a Missing Authorization / Broken Access Control vulnerability in Themekraft BuddyForms WordPress plugin, affecting BuddyForms versions from the earliest through 2.9.0. The issue allows Accessing Functionality Not Properly Constrained by ACLs. Public records (NVD, Red Hat, CIRCL,...