Vulnerabilities and security researches forbuddyforms-members buddyforms-members

Jun 07, 2024

CVE, Research URL: 053af10176d1dc3feead6bb1c45f871d35190797
Home page URL: Security reports for BuddyPress & BuddyBoss Member Profile Forms
Application: BuddyPress & BuddyBoss Member Profile Forms
Date: May 31, 2022
Research Description: BuddyPress & BuddyBoss Member Profile Forms [buddyforms-members] < 1.4.22 BuddyForms Members <= 1.4.21 - Cross-Site Scripting The plugin BuddyForms Members is vulnerable to Cross-Site Scripting via various parameters in versions up to, and including, 1.4.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable