CVE-2024-11976
- EPSS 0.1%
- Published 23.01.2026 06:45:11
- Last modified 26.01.2026 15:03:51
The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...
CVE-2025-62022
- EPSS 0.05%
- Published 22.10.2025 14:32:49
- Last modified 20.01.2026 15:17:40
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4.
CVE-2025-23798
- EPSS 0.17%
- Published 22.01.2025 15:15:23
- Last modified 30.09.2025 17:05:49
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1.
CVE-2024-10011
- EPSS 0.97%
- Published 25.10.2024 07:15:02
- Last modified 06.11.2024 16:01:39
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions...
CVE-2024-4892
- EPSS 0.54%
- Published 12.06.2024 02:15:10
- Last modified 05.06.2025 16:23:47
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2024-3974
- EPSS 0.2%
- Published 14.05.2024 15:42:39
- Last modified 05.06.2025 20:28:53
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2023-50880
- EPSS 0.27%
- Published 29.12.2023 12:15:44
- Last modified 21.11.2024 08:37:28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1.
- EPSS 93.64%
- Published 26.03.2021 21:15:13
- Last modified 21.11.2024 05:48:15
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members ...
CVE-2020-5244
- EPSS 1.13%
- Published 24.02.2020 18:15:22
- Last modified 21.11.2024 05:33:45
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CVE-2014-1889
- EPSS 13.36%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:05:13
The Group creation process in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.