Vulnerabilities > Buddyboss
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-05 | CVE-2024-4886 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss Platform The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | 4.3 |
2023-10-25 | CVE-2023-45755 | Cross-site Scripting vulnerability in Buddyboss Buddypress Global Search Auth. | 4.8 |
2023-10-03 | CVE-2023-32669 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9 Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. | 5.4 |
2023-10-03 | CVE-2023-32670 | Cross-site Scripting vulnerability in Buddyboss 2.2.9 Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded. | 5.4 |
2023-10-03 | CVE-2023-32671 | Cross-site Scripting vulnerability in Buddyboss 2.2.9 A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. | 5.4 |
2022-01-26 | CVE-2021-43334 | Cross-site Scripting vulnerability in Buddyboss BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. | 3.5 |
2022-01-26 | CVE-2021-44692 | Information Exposure vulnerability in Buddyboss BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. | 5.0 |
2019-09-09 | CVE-2018-21014 | Cross-site Scripting vulnerability in Buddyboss Buddymoss Media The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. | 3.5 |