Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-31812	WordPress BuddyPress Members Only plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability	Tomas	BuddyPress Members Only	Medium	6.5	2025-04-01 14:51:41	Deep Dive
CVE-2024-13697	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	Medium	4.8	2025-03-01 08:23:21	Deep Dive
CVE-2024-13611	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	High	7.5	2025-03-01 08:23:20	Deep Dive
CVE-2025-1780	BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update	themekraft	BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages	Medium	4.3	2025-03-01 03:22:19	Deep Dive
CVE-2024-13358	BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update	themekraft	BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages	Medium	4.3	2025-03-01 03:22:19	Deep Dive
CVE-2025-23771	WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability	Murali	Push Notification for Post and BuddyPress	Medium	6.5	2025-02-14 12:44:32	Deep Dive
CVE-2024-13529	SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download	iqonicdesign	SocialV - Social Network and Community BuddyPress Theme	Medium	6.5	2025-02-04 09:21:08	Deep Dive
CVE-2024-13612	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	Medium	6.4	2025-02-01 12:21:31	Deep Dive
CVE-2025-24538	WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability	Slava Abakumov	BuddyPress Groups Extras	Medium	5.4	2025-01-27 14:22:15	Deep Dive
CVE-2024-13370	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license)	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	6.5	2025-01-25 07:24:20	Deep Dive
CVE-2024-13368	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	4.3	2025-01-25 07:24:17	Deep Dive
CVE-2024-12113	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	4.3	2025-01-25 07:24:16	Deep Dive
CVE-2024-11913	Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery	buddydev	Activity Plus Reloaded for BuddyPress	Medium	5.4	2025-01-24 13:40:57	Deep Dive
CVE-2025-23798	WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability	ElbowRobo	Mass Messaging in BuddyPress	High	7.1	2025-01-22 14:29:22	Deep Dive
CVE-2025-23706	WordPress Jet Skinner for BuddyPress plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability	milordk	Jet Skinner for BuddyPress	High	7.1	2025-01-22 14:29:20	Deep Dive
CVE-2024-12407	Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting	murali-indiacitys	Push Notification for Post and BuddyPress	Medium	6.1	2025-01-11 07:21:55	Deep Dive
CVE-2023-41951	WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability	rtCamp	rtMedia for WordPress, BuddyPress and bbPress	Medium	4.3	2024-12-13 14:24:25	Deep Dive
CVE-2024-10778	BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure	staxwp	BuddyPress Builder for Elementor – BuddyBuilder	Medium	4.3	2024-11-13 02:02:28	Deep Dive
CVE-2024-49650	WordPress BuddyPress Greeting Message plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability	Xarbo	BuddyPress Greeting Message	High	7.1	2024-10-29 12:01:10	Deep Dive
CVE-2024-10011	BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal	buddypress	BuddyPress	High	8.1	2024-10-25 06:51:24	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List