cleantalk
Vulnerabilities and Security Researches

BuddyPress & BuddyBoss Member Profile Forms, 053af10176d1dc3feead6bb1c45f871d35190797

CVE, Research URL

053af10176d1dc3feead6bb1c45f871d35190797

Home page URL

Security reports for BuddyPress & BuddyBoss Member Profile Forms

Application

BuddyPress & BuddyBoss Member Profile Forms

Published on
May 31, 2022
Research Description
BuddyPress &amp; BuddyBoss Member Profile Forms [buddyforms-members] < 1.4.22 BuddyForms Members <= 1.4.21 - Cross-Site Scripting The plugin BuddyForms Members is vulnerable to Cross-Site Scripting via various parameters in versions up to, and including, 1.4.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.4.22.
Status
vulnerable
Previous vulnerability researches
BuddyPress &amp; BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025