| CVE-2026-1559 | Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2026-04-18 01:26:05 | Deep Dive |
| CVE-2026-5144 | BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR | boonebgorges | BuddyPress Groupblog | High | 8.8 | 2026-04-11 01:25:00 | Deep Dive |
| CVE-2026-25325 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability | rtCamp | rtMedia for WordPress, BuddyPress and bbPress | - | - | 2026-02-19 08:26:56 | Deep Dive |
| CVE-2024-11976 | BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution | buddypress | BuddyPress | High | 7.3 | 2026-01-23 06:45:12 | Deep Dive |
| CVE-2025-14997 | BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion | buddydev | BuddyPress Xprofile Custom Field Types | High | 8.8 | 2026-01-06 04:31:57 | Deep Dive |
| CVE-2025-62760 | WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | BuddyDev | BuddyPress Activity Shortcode | Medium | 6.5 | 2025-12-31 08:52:04 | Deep Dive |
| CVE-2025-14154 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.1 | 2025-12-17 05:24:55 | Deep Dive |
| CVE-2025-9218 | rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function | rtcamp | rtMedia for WordPress, BuddyPress and bbPress | Low | 3.7 | 2025-12-13 04:31:26 | Deep Dive |
| CVE-2025-12391 | Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update | seventhqueen | Restrictions for BuddyPress | Medium | 5.3 | 2025-11-18 09:27:41 | Deep Dive |
| CVE-2025-62949 | WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | BuddyDev | Activity Plus Reloaded for BuddyPress | - | - | 2025-10-27 01:34:09 | Deep Dive |
| CVE-2025-62022 | WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability | BuddyPress | BuddyPress | High | 7.5 | 2025-10-22 14:32:50 | Deep Dive |
| CVE-2025-58263 | WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability | BuddyDev | BuddyPress Notification Widget | Medium | 6.5 | 2025-09-22 18:23:20 | Deep Dive |
| CVE-2025-48158 | WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability | Alex Githatu | BuddyPress XProfile Custom Image Field | High | 8.6 | 2025-08-20 08:03:31 | Deep Dive |
| CVE-2025-5526 | BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update | Unknown | BuddyPress Docs | - | - | 2025-06-27 06:00:12 | Deep Dive |
| CVE-2025-30957 | WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Broken Access Control Vulnerability | BuddyDev | Activity Plus Reloaded for BuddyPress | Medium | 5.4 | 2025-06-06 12:54:09 | Deep Dive |
| CVE-2024-6159 | Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi | Unknown | Push Notification for Post and BuddyPress | - | - | 2025-05-15 20:07:07 | Deep Dive |
| CVE-2025-47548 | WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability | Varun Dubey | Wbcom Designs - Activity Link Preview For BuddyPress | Medium | 5.4 | 2025-05-07 14:20:19 | Deep Dive |
| CVE-2025-3793 | Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update | lamarant | Buddypress Force Password Change | Medium | 4.2 | 2025-04-24 08:23:52 | Deep Dive |
| CVE-2025-31006 | WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Reflected Cross Site Scripting (XSS) vulnerability | arete-it | Activity Reactions For Buddypress | High | 7.1 | 2025-04-17 15:47:52 | Deep Dive |
| CVE-2025-31033 | WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability | Adam Nowak | Buddypress Humanity | Critical | 9.8 | 2025-04-09 16:10:14 | Deep Dive |