Vulnerabilities > Themekraft

DATE CVE VULNERABILITY TITLE RISK
2024-09-14 CVE-2024-8246 Unspecified vulnerability in Themekraft Buddyforms
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11.
network
low complexity
themekraft
8.8
2024-06-10 CVE-2024-35726 Unspecified vulnerability in Themekraft Buddypress Woocommerce MY Account Integration. Create Woocommerce Member Pages
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.
network
low complexity
themekraft
8.8
2024-06-05 CVE-2024-5149 Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code.
network
low complexity
themekraft CWE-330
5.3
2023-11-06 CVE-2023-5823 Unspecified vulnerability in Themekraft TK Google Fonts Gdpr Compliant 2.2.11
Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.
network
low complexity
themekraft
8.8
2023-08-25 CVE-2023-25981 Cross-site Scripting vulnerability in Themekraft Post Form
Auth.
network
low complexity
themekraft CWE-79
5.4
2023-03-16 CVE-2022-38971 Unspecified vulnerability in Themekraft Post Form Registration Form Profile Form for User Profiles and Content Forms
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
network
low complexity
themekraft
5.4
2023-02-23 CVE-2023-26326 Deserialization of Untrusted Data vulnerability in Themekraft Buddyforms
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue.
network
low complexity
themekraft CWE-502
critical
9.8
2019-08-27 CVE-2018-21003 SQL Injection vulnerability in Themekraft Buddyforms
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
network
low complexity
themekraft CWE-89
critical
9.8