cleantalk
Vulnerabilities and Security Researches

BuddyPress Extended Friendship Request, CVE-2013-4944

CVE, Research URL

CVE-2013-4944

Home page URL

Security reports for BuddyPress Extended Friendship Request

Application

BuddyPress Extended Friendship Request

Published on
Jul 30, 2013
Research Description
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.
Affected versions
max 1.0.2.
Status
vulnerable
Previous vulnerability researches
FriendStore for WooCommerce (CVE-2024-51784) , Nov 08, 2024
BuddyPress Extended Friendship Request (CVE-2013-4944) , Jun 06, 2024
Friends (CVE-2024-12028) , Dec 07, 2024
Friends (CVE-2024-1978) , Jun 07, 2024
Friends (CVE-2025-7504) , Jul 12, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026