cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for buddyforms-review

Jun 07, 2024

BuddyForms Moderation ( Former: Review Logic ) # 897b17e2e87fb40e2397863f5bd6a2d899657e77

Date
Oct 03, 2022
Research Description
BuddyForms Moderation ( Former: Review Logic ) [buddyforms-review] < 1.4.8
BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting
The BuddyForms Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buddyforms_moderators' parameter in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to edit BuddyForms to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable