cleantalk
Vulnerabilities and Security Researches

BuddyForms Ultimate Member, 893cfcf44e3c079784f666e461a667cb4f6e2761

CVE, Research URL

893cfcf44e3c079784f666e461a667cb4f6e2761

Home page URL

Security reports for BuddyForms Ultimate Member

Application

BuddyForms Ultimate Member

Published on
Jul 19, 2023
Research Description
BuddyForms Ultimate Member [buddyforms-ultimate-member] < 1.3.8 WordPress BuddyForms Ultimate Member Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) Update the WordPress BuddyForms Ultimate Member plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress BuddyForms Ultimate Member Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.3.8.
Affected versions
Min -, max 1.3.8.
Status
vulnerable
Previous vulnerability researches
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025