cleantalk
Vulnerabilities and Security Researches

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages, CVE-2024-2025

CVE, Research URL

CVE-2024-2025

Home page URL

Security reports for BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

Application

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

Published on
Mar 23, 2024
Research Description
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
Min -, max 3.4.21.
Status
vulnerable
Previous vulnerability researches
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-13358) , May 07, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2022-4974) , Nov 15, 2024
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2025-1780) , Mar 02, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-35726) , Jun 11, 2024
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-32603) , Jun 07, 2024
New vulnerability
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025