BadgeOS — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in BadgeOS, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-47647	WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability CWE-862	4.3	Medium	2025-01-02
CVE-2023-2173	BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion CWE-639	6.5	Medium	2023-08-31
CVE-2023-2171	BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79	5.4	Medium	2023-08-31
CVE-2023-2174	BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries CWE-862	4.3	Medium	2023-08-31
CVE-2023-2172	BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite CWE-639	4.3	Medium	2023-08-31
CVE-2022-41987	WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352	6.3	Medium	2023-05-25
CVE-2022-2958	BadgeOS < 3.7.1.3 - Subscriber+ SQLi CWE-89	8.8	-	2022-09-19
CVE-2022-0817	BadgeOS <= 3.7.0 - Unauthenticated SQLi CWE-89	9.8	-	2022-05-09

All 8 known CVE vulnerabilities affecting BadgeOS with full Chinese analysis, references, and POCs where available.