cleantalk
Vulnerabilities and Security Researches

BuddyForms Moderation ( Former: Review Logic ), 897b17e2e87fb40e2397863f5bd6a2d899657e77

CVE, Research URL

897b17e2e87fb40e2397863f5bd6a2d899657e77

Home page URL

Security reports for BuddyForms Moderation ( Former: Review Logic )

Application

BuddyForms Moderation ( Former: Review Logic )

Published on
Oct 03, 2022
Research Description
BuddyForms Moderation ( Former: Review Logic ) [buddyforms-review] < 1.4.8 BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting The BuddyForms Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buddyforms_moderators' parameter in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to edit BuddyForms to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.4.8.
Status
vulnerable
Previous vulnerability researches
BuddyForms Moderation ( Former: Review Logic ) (897b17e2e87fb40e2397863f5bd6a2d899657e77) , Jun 07, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025