Lucene search
K
ThemekraftBuddyforms

11 matches found

CVE
CVE
added 2024/05/17 9:40 a.m.217 views

CVE-2024-32830

CVE-2024-32830 affects WordPress BuddyForms plugin. The issue is an improper pathname limitation (Path Traversal) that enables Server-Side Request Forgery and Arbitrary File Read for BuddyForms versions up to and including 2.8.8. Exploitation details are not provided in the connected documents. I...

8.6CVSS6.7AI score0.00583EPSS
CVE
CVE
added 2023/02/23 12:0 a.m.132 views

CVE-2023-26326

CVE-2023-26326 affects the BuddyForms WordPress plugin, versions before 2.7.8. The vulnerability is an unauthenticated insecure deserialization due to how buddyforms_upload_image_from_url handles input, permitting a PHAR wrapper to deserialize data and invoke arbitrary PHP objects. This can enabl...

9.8CVSS9.6AI score0.03824EPSS
CVE
CVE
added 2025/04/04 3:58 p.m.77 views

CVE-2025-32151

CVE-2025-32151 affects the BuddyForms WordPress plugin (vulnerable range up to 2.8.15; later entries note 2.8.17 as affected). The issue is an improper control of the filename used in PHP Include/Require leading to Local File Inclusion (LFI). Exploitation requires authentication (Authenticated as...

8.8CVSS7.2AI score0.00891EPSS
CVE
CVE
added 2019/08/27 11:26 a.m.74 views

CVE-2018-21003

The CVE-2018-21003 entry concerns the WordPress BuddyForms plugin prior to version 2.2.8, which is vulnerable to SQL injection. The affected component is the BuddyForms plugin (WordPress integration); root cause reported is SQL injection. Impact is described in the initial data as high severity (...

9.8CVSS9.9AI score0.01833EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.67 views

CVE-2024-1158

The CVE-2024-1158 entry concerns the WordPress plugin BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions). All versions up to 2.8.7 are affected due to a missing capability check in buddyforms_new_page, enabling authenticated u...

4.3CVSS5.3AI score0.00507EPSS
CVE
CVE
added 2024/10/05 3:12 p.m.67 views

CVE-2024-47377

CVE-2024-47377 is a stored XSS in WordPress BuddyForms plugin versions up to 2.8.12 caused by improper neutralization of input during web page generation. Affected product: BuddyForms (WordPress plugin); vulnerable component/version range corresponds to 2.x releases before 2.8.13. Public sources ...

5.9CVSS5.9AI score0.00261EPSS
CVE
CVE
added 2024/09/14 3:19 a.m.63 views

CVE-2024-8246

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress (BuddyForms) has a privilege-escalation vulnerability in all versions up to and including 2.8.11. The root cause is inadequate restriction of what users can ...

8.8CVSS8.7AI score0.00431EPSS
CVE
CVE
added 2025/02/22 4:21 a.m.62 views

CVE-2024-12038

CVE-2024-12038 is a stored XSS vulnerability in the WordPress plugin Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (BuddyForms). The issue arises from insufficient input sanitization and output escaping for attributes in the bud...

6.4CVSS5.8AI score0.00227EPSS
CVE
CVE
added 2024/03/27 6:16 a.m.61 views

CVE-2024-30198

Technical details for CVE-2024-30198 are not publicly available in the provided documents. No affected product versions, root cause, or remediation are specified here. Monitor for official disclosures or vendor advisories for confirmed remediation.

6.1CVSS8.6AI score0.00312EPSS
CVE
CVE
added 2024/06/05 4:32 a.m.55 views

CVE-2024-5149

The vulnerability CVE-2024-5149 affects the BuddyForms WordPress plugin (all versions up to and including 2.8.9). It enables an Email Verification Bypass due to an insufficiently random activation code, allowing unauthenticated attackers to bypass email verification. Wordfence reports this issue ...

6.5CVSS6AI score0.00388EPSS
CVE
CVE
added 2025/10/27 1:34 a.m.14 views

CVE-2025-62973

CVE-2025-62973 is a Missing Authorization / Broken Access Control vulnerability in Themekraft BuddyForms WordPress plugin, affecting BuddyForms versions from the earliest through 2.9.0. The issue allows Accessing Functionality Not Properly Constrained by ACLs. Public records (NVD, Red Hat, CIRCL,...

5.3CVSS6.6AI score0.00211EPSS