Buddypress

Buddypress

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-53675

  • EPSS 0.19%
  • Veröffentlicht 09.06.2026 23:44:22
  • Zuletzt bearbeitet 10.06.2026 19:41:25

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary u...

7.1

CVE-2026-53674

  • EPSS 0.29%
  • Veröffentlicht 09.06.2026 23:44:21
  • Zuletzt bearbeitet 10.06.2026 19:41:25

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing r...

8.1

CVE-2026-53673

  • EPSS 0.29%
  • Veröffentlicht 09.06.2026 23:44:20
  • Zuletzt bearbeitet 10.06.2026 19:41:25

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass ...

7.3

CVE-2024-11976

  • EPSS 0.44%
  • Veröffentlicht 23.01.2026 06:45:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...

7.5

CVE-2025-62022

  • EPSS 0.39%
  • Veröffentlicht 22.10.2025 14:32:49
  • Zuletzt bearbeitet 28.04.2026 22:16:19

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.

6.1

CVE-2025-23798

  • EPSS 0.3%
  • Veröffentlicht 22.01.2025 15:15:23
  • Zuletzt bearbeitet 23.04.2026 15:24:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS.This issue affects Mass Messaging in BuddyPress: from n/a t...

8.1

CVE-2024-10011

  • EPSS 0.91%
  • Veröffentlicht 25.10.2024 07:15:02
  • Zuletzt bearbeitet 08.04.2026 18:19:02

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions...

5.4

CVE-2024-4892

  • EPSS 0.32%
  • Veröffentlicht 12.06.2024 02:15:10
  • Zuletzt bearbeitet 08.04.2026 17:18:58

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

5.4

CVE-2024-3974

  • EPSS 0.44%
  • Veröffentlicht 14.05.2024 15:42:39
  • Zuletzt bearbeitet 08.04.2026 18:21:38

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.4

CVE-2023-50880

  • EPSS 0.36%
  • Veröffentlicht 29.12.2023 12:15:44
  • Zuletzt bearbeitet 28.04.2026 19:22:39

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.