Vulnerabilities and security researches forbuddyforms buddyforms

Direction: ascending

Jun 07, 2024

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2018-21003

CVE, Research URL: CVE-2018-21003
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Aug 27, 2019
Research Description: The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2022-38971

CVE, Research URL: CVE-2022-38971
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Mar 16, 2023
Research Description: Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2023-26326

CVE, Research URL: CVE-2023-26326
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Feb 24, 2023
Research Description: The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-30198

CVE, Research URL: CVE-2024-30198
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2023-25981

CVE, Research URL: CVE-2023-25981
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Aug 25, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1169

CVE, Research URL: CVE-2024-1169
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Mar 07, 2024
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-5149

CVE, Research URL: CVE-2024-5149
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Jun 05, 2024
Research Description: The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1170

CVE, Research URL: CVE-2024-1170
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Mar 07, 2024
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1158

CVE, Research URL: CVE-2024-1158
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Mar 13, 2024
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.
Affected versions: Min -, max -.
Status: vulnerable

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-32830

CVE, Research URL: CVE-2024-32830
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: May 17, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
Affected versions: Min -, max -.
Status: vulnerable

Sep 16, 2024

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-8246

CVE, Research URL: CVE-2024-8246
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Sep 14, 2024
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-47377

CVE, Research URL: CVE-2024-47377
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS.This issue affects BuddyForms: from n/a through 2.8.12.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Feb 01, 2025

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-12037

CVE, Research URL: CVE-2024-12037
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Jan 31, 2025
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and including, 2.8.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Feb 24, 2025

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-12038

CVE, Research URL: CVE-2024-12038
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Feb 22, 2025
Research Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2025-32151

CVE, Research URL: CVE-2025-32151
Home page URL: Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Application: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions
Date: Apr 04, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forbuddyforms buddyforms

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2018-21003

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2022-38971

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2023-26326

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-30198

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2023-25981

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-1169

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-5149

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-1170

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-1158

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-32830

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-8246

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-47377

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2022-4974

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-12037

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2024-12038

Post Form &#8211; Registration Form &#8211; Profile Form for User Profiles &#8211; Frontend Content Forms for User Submissions # CVE-2025-32151

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2018-21003

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2022-38971

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2023-26326

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-30198

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2023-25981

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1169

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-5149

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1170

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-1158

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-32830

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-8246

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-47377

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2022-4974

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-12037

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2024-12038

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions # CVE-2025-32151