Vulnerabilities and security researches forwc4bp wc4bp

Jun 07, 2024

CVE, Research URL: CVE-2024-32603
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Apr 18, 2024
Research Description: Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 56edb0bf6162cef456d757e4166dfc3ad5af8590
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Feb 28, 2022
Research Description: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages [wc4bp] < 3.4.2 WordPress WooBuddy -> WooCommerce BuddyPress Integration plugin <= 3.4.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WooBuddy -> WooCommerce BuddyPress Integration plugin (versions <= 3.4.1).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2025
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Mar 23, 2024
Research Description: The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: Min -, max -.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: CVE-2024-35726
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Jun 10, 2024
Research Description: Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Mar 02, 2025

CVE, Research URL: CVE-2025-1780
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Mar 01, 2025
Research Description: The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2024-13358
Home page URL: Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Application: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Date: Mar 01, 2025
Research Description: The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.
Affected versions: Min -, max -.
Status: vulnerable