Vulnerabilities > Buddypress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-25 | CVE-2024-10011 | Path Traversal vulnerability in Buddypress The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. | 8.1 |
2023-12-29 | CVE-2023-50880 | Unspecified vulnerability in Buddypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1. | 5.4 |
2021-03-26 | CVE-2021-21389 | Unspecified vulnerability in Buddypress BuddyPress is an open source WordPress plugin to build a community site. | 8.8 |
2020-02-24 | CVE-2020-5244 | Information Exposure vulnerability in Buddypress 5.0.0/5.1.0/5.1.1 In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. | 7.5 |
2018-04-10 | CVE-2014-1889 | Permissions, Privileges, and Access Controls vulnerability in Buddypress The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | 6.5 |
2017-03-17 | CVE-2017-6954 | Improper Privilege Management vulnerability in Buddypress An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. | 4.3 |