Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 66 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-49247 WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability SKBuddyPress Better Registration 超危 -2024-10-16 12:31:02 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Medium 4.3 2024-10-10 02:06:13 Deep Dive
CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Medium 6.4 2024-10-10 02:06:05 Deep Dive
CVE-2024-9207 BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting boonebgorgesBuddyPress Docs Medium 6.1 2024-10-08 11:04:23 Deep Dive
CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Medium 6.5 2024-06-20 02:08:20 Deep Dive
CVE-2024-4892 BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting buddypressBuddyPress Medium 6.4 2024-06-12 01:55:22 Deep Dive
CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability Asghar HatampoorBuddyPress Cover Critical 10.0 2024-06-10 16:34:27 Deep Dive
CVE-2024-0972 BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API zhuyiBuddyPress Members Only Medium 5.3 2024-06-06 03:53:12 Deep Dive
CVE-2024-3974 BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting buddypressBuddyPress Medium 6.4 2024-05-09 20:03:23 Deep Dive
CVE-2024-3293 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode rtcamprtMedia for WordPress, BuddyPress and bbPress High 8.8 2024-04-23 01:58:07 Deep Dive
CVE-2024-2864 WordPress Youzify - Buddypress Moderation plugin <= 1.2.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability KaineLabsYouzify - Buddypress Moderation High 7.3 2024-03-25 10:51:19 Deep Dive
CVE-2024-2025 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request themekraftBuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages High 8.8 2024-03-23 01:57:39 Deep Dive
CVE-2023-50880 WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS) The BuddyPress CommunityBuddyPress Medium 6.5 2023-12-29 11:28:39 Deep Dive
CVE-2023-5939 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE UnknownrtMedia for WordPress, BuddyPress and bbPress--2023-12-26 18:33:10 Deep Dive
CVE-2023-5931 rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE UnknownrtMedia for WordPress, BuddyPress and bbPress--2023-12-26 18:33:01 Deep Dive
CVE-2023-47191 WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) KaineLabsYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Medium 6.5 2023-12-21 18:26:53 Deep Dive
CVE-2023-49168 WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) WordPlusBetter Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss Medium 6.5 2023-12-14 14:49:33 Deep Dive
CVE-2023-28694 WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) Wbcom DesignsWbcom Designs – BuddyPress Activity Social Share Medium 5.4 2023-11-12 21:47:32 Deep Dive
CVE-2023-45755 WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) BuddyBossBuddyPress Global Search Medium 5.9 2023-10-24 11:34:09 Deep Dive