cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forbp-toolkit bp-toolkit

Direction: ascending
Jun 07, 2024

Block, Suspend, Report for BuddyPress # 225d51fa138a54128c3080915d4943e5ef08cb6d

Date
Feb 28, 2022
Research Description
Block, Suspend, Report for BuddyPress [bp-toolkit] < 3.3.3 WordPress "Block, Suspend, Report for BuddyPress" plugin < 3.3.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress "Block, Suspend, Report for BuddyPress" plugin (versions < 3.3.3).
Affected versions
max 3.3.3.
Status
vulnerable
Nov 15, 2024

Block, Suspend, Report for BuddyPress # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 3.3.3.
Status
vulnerable
Jun 13, 2026

Block, Suspend, Report for BuddyPress # CVE-2023-33999

CVE, Research URL

CVE-2023-33999

Date
Jun 11, 2026
Research Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions
max 3.6.1.
Status
vulnerable
Jun 15, 2026

Block, Suspend, Report for BuddyPress # c6312b1ead969660dc02d793e5d0e60668afd42c

Date
Feb 28, 2022
Research Description
Block, Suspend, Report for BuddyPress [bp-toolkit] < 3.3.3 WordPress "Block, Suspend, Report for BuddyPress" plugin < 3.3.3 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress "Block, Suspend, Report for BuddyPress" plugin (versions < 3.3.3).
Affected versions
max 3.3.3.
Status
vulnerable

Block, Suspend, Report for BuddyPress # 6d8910c719b2a132ec93828cd37e418b19cac960

Date
Mar 04, 2022
Research Description
Block, Suspend, Report for BuddyPress [bp-toolkit] < 3.3.3 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 3.3.3.
Status
vulnerable
Jul 11, 2026

Block, Suspend, Report for BuddyPress # CVE-2026-4653

CVE, Research URL

CVE-2026-4653

Date
Jul 09, 2026
Research Description
The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including 3.6.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.6.5.
Status
vulnerable