BuddyPress — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in BuddyPress, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-11976	BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution CWE-94	7.3	High	2026-01-23
CVE-2025-62022	WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability CWE-862	7.5	High	2025-10-22
CVE-2024-10011	BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal CWE-22	8.1	High	2024-10-25
CVE-2024-4892	BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2024-06-12
CVE-2024-3974	BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2024-05-09
CVE-2023-50880	WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS) CWE-79	6.5	Medium	2023-12-29
CVE-2021-21389	BuddyPress privilege escalation via REST API CWE-863	8.1	High	2021-03-26
CVE-2020-5244	Private data exposure via REST API in BuddyPress CWE-284	8.0	High	2020-02-24

All 8 known CVE vulnerabilities affecting BuddyPress with full Chinese analysis, references, and POCs where available.