CVE-2025-62973
- EPSS 0.05%
- Published 27.10.2025 01:34:16
- Last modified 20.01.2026 15:18:12
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-32151
- EPSS 0.42%
- Published 04.04.2025 16:15:23
- Last modified 26.11.2025 17:30:51
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.
CVE-2024-12038
- EPSS 0.08%
- Published 22.02.2025 05:15:12
- Last modified 06.03.2025 12:42:22
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to...
CVE-2024-47377
- EPSS 0.09%
- Published 05.10.2024 16:15:04
- Last modified 25.11.2025 20:17:31
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12.
CVE-2024-8246
- EPSS 0.34%
- Published 14.09.2024 04:15:04
- Last modified 26.09.2024 14:00:09
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not ...
CVE-2024-5149
- EPSS 0.17%
- Published 05.06.2024 05:15:50
- Last modified 21.11.2024 09:47:04
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the ema...
CVE-2024-32830
- EPSS 1.31%
- Published 17.05.2024 10:15:11
- Last modified 25.11.2025 19:54:02
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8.
CVE-2024-30198
- EPSS 0.18%
- Published 27.03.2024 07:15:57
- Last modified 26.11.2025 13:27:06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5.
CVE-2024-1158
- EPSS 0.16%
- Published 13.03.2024 16:15:17
- Last modified 11.03.2025 13:18:18
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_pag...
CVE-2023-26326
- EPSS 41.83%
- Published 23.02.2023 20:15:14
- Last modified 21.11.2024 07:51:07
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data an...