Vulnerabilities > Buddypress > Buddypress > 9.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-10011 | Path Traversal vulnerability in Buddypress The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. | 8.1 |
| 2024-06-12 | CVE-2024-4892 | Cross-site Scripting vulnerability in Buddypress The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-3974 | Cross-site Scripting vulnerability in Buddypress The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-12-29 | CVE-2023-50880 | Unspecified vulnerability in Buddypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1. | 5.4 |