Vulnerabilities > Buddypress

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2024-10-25 | CVE-2024-10011 | Path Traversal vulnerability in Buddypress | The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. | network; low complexity; buddypress; CWE-22 | 8.1 |
| 2023-12-29 | CVE-2023-50880 | Cross-site Scripting vulnerability in Buddypress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1. | network; low complexity; buddypress; CWE-79 | 5.4 |
| 2021-03-26 | CVE-2021-21389 | Incorrect Authorization vulnerability in Buddypress | BuddyPress is an open source WordPress plugin to build a community site. | network; low complexity; buddypress; CWE-863 | critical 9.0 |
| 2020-02-24 | CVE-2020-5244 | Information Exposure vulnerability in Buddypress | In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. | network; low complexity; buddypress; CWE-200 | 5.0 |
| 2018-04-10 | CVE-2014-1889 | Permissions, Privileges, and Access Controls vulnerability in Buddypress | The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | network; low complexity; buddypress; CWE-264 | 4.0 |
| 2017-03-17 | CVE-2017-6954 | Improper Privilege Management vulnerability in Buddypress | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. | network; low complexity; buddypress; CWE-269 | 4.0 |
| 2014-03-01 | CVE-2014-1888 | Cross-Site Scripting vulnerability in Buddypress | Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. | | 4.3 |
| 2012-09-04 | CVE-2012-2109 | SQL Injection vulnerability in Buddypress | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. | network; low complexity; buddypress wordpress; CWE-89 | 7.5 |