cleantalk
Vulnerabilities and Security Researches

BuddyPress, CVE-2012-2109

CVE, Research URL

CVE-2012-2109

Home page URL

Security reports for BuddyPress

Application

BuddyPress

Published on
Sep 05, 2012
Research Description
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Affected versions
Min 5.0.0, max 6.4.0.
Status
vulnerable
Previous vulnerability researches
AI Moderator for BuddyPress (c5199662169f8022d0a0bdb6a709c2dd4e56fd11) , Jun 07, 2024
Buddypress Humanity (CVE-2025-31033) , Apr 11, 2025
BuddyPress xProfile Checkout Manager for WooCommerce (a5d9f295a711e0878315c783d59b7a1edfa94bbf) , Jun 07, 2024
Wbcom Designs – BuddyPress Group Reviews (CVE-2022-2108) , Jun 06, 2024
Wbcom Designs – BuddyPress Group Reviews (dc16c7b0b542f8afa7dafd55e2f68f72e9f422be) , Jun 06, 2024
New vulnerability
WP Links Page (CVE-2025-10175) , Nov 10, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-62884) , Nov 10, 2025
Fix Multiple Redirects (CVE-2025-48092) , Nov 10, 2025
Photospace Responsive Gallery (CVE-2025-62899) , Nov 10, 2025
Grid Plus – Unlimited grid layout (CVE-2025-53352) , Nov 10, 2025