cleantalk
Vulnerabilities and Security Researches

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions , CVE-2025-32151

CVE, Research URL

CVE-2025-32151

Home page URL

Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Application

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Published on
Apr 04, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.
Affected versions
Min -, max 2.8.15.
Status
vulnerable
Previous vulnerability researches
Swiss Toolkit For WP (CVE-2025-31546) , Apr 03, 2025
Swiss Toolkit For WP (CVE-2025-31544) , Apr 03, 2025
Swiss Toolkit For WP (CVE-2024-5204) , Jun 07, 2024
New vulnerability
Advanced All in One Admin Search by WP Spotlight (CVE-2025-32261) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025
Salon booking system (CVE-2025-32220) , Apr 06, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-32257) , Apr 06, 2025
Sparkle Elementor Kit (CVE-2025-32157) , Apr 06, 2025