Vulnerabilities > Themekraft > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-5149 Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code.
network
low complexity
themekraft CWE-330
5.3
5.3
2023-08-25 CVE-2023-25981 Cross-site Scripting vulnerability in Themekraft Post Form
Auth.
network
low complexity
themekraft CWE-79
5.4
5.4
2023-03-16 CVE-2022-38971 Unspecified vulnerability in Themekraft Post Form Registration Form Profile Form for User Profiles and Content Forms
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
network
low complexity
themekraft
5.4
5.4