Vulnerabilities > Themekraft > Buddyforms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-14 | CVE-2024-8246 | Unspecified vulnerability in Themekraft Buddyforms The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. | 8.8 |
| 2024-06-05 | CVE-2024-5149 | Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. | 5.3 |
| 2023-02-23 | CVE-2023-26326 | Deserialization of Untrusted Data vulnerability in Themekraft Buddyforms The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. | 9.8 |
| 2019-08-27 | CVE-2018-21003 | SQL Injection vulnerability in Themekraft Buddyforms The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | 9.8 |