Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

buddydev — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting buddydev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by buddydev:Activity Plus Reloaded for BuddyPressMediaPressBuddyPress Notification WidgetBuddyPress Activity ShortcodeBuddyPress Xprofile Custom Field Types
CVE IDTitleCVSSSeverityPublished
CVE-2026-22519 WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability — MediaPressCWE-79 6.5 Medium2026-01-08
CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode — MediaPressCWE-79 6.4 Medium2026-01-06
CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion — BuddyPress Xprofile Custom Field TypesCWE-22 8.8 High2026-01-06
CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability — BuddyPress Activity ShortcodeCWE-79 6.5 Medium2025-12-31
CVE-2025-62949 WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability — Activity Plus Reloaded for BuddyPressCWE-79 5.4AIMediumAI2025-10-27
CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability — BuddyPress Notification WidgetCWE-79 6.5 Medium2025-09-22
CVE-2025-58608 WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability — MediaPressCWE-98 7.5 High2025-09-03
CVE-2025-30957 WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Broken Access Control Vulnerability — Activity Plus Reloaded for BuddyPressCWE-862 5.4 Medium2025-06-06
CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Activity Plus Reloaded for BuddyPressCWE-918 5.4 Medium2025-01-24

This page lists every published CVE security advisory associated with buddydev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.