themekraft — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting themekraft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62973 | WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability — BuddyForms (CWE-862) | 9.1 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2025-32151 | WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability — BuddyForms (CWE-98) | 7.5 | High | 2025-04-04 |
| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-862) | 4.3 | Medium | 2025-03-01 |
| CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-862) | 4.3 | Medium | 2025-03-01 |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-79) | 6.4 | Medium | 2025-02-22 |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-79) | 6.4 | Medium | 2025-01-31 |
| CVE-2024-47377 | WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability — BuddyForms (CWE-79) | 5.9 | Medium | 2024-10-05 |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-269) | 8.8 | High | 2024-09-14 |
| CVE-2024-35726 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability — WooBuddy (CWE-862) | 4.3 | Medium | 2024-06-10 |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-330) | 6.5 | Medium | 2024-06-05 |
| CVE-2024-32830 | WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability — BuddyForms (CWE-22) | 8.6 | High | 2024-05-17 |
| CVE-2024-32603 | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability — WooBuddy (CWE-502) | 8.5 | High | 2024-04-18 |
| CVE-2024-30198 | WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability — BuddyForms (CWE-79) | 5.8 | Medium | 2024-03-27 |
| CVE-2024-2025 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-502) | 8.8 | High | 2024-03-23 |
| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 8.2 | High | 2024-03-07 |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 7.5 | High | 2024-03-07 |
| CVE-2023-5823 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) — TK Google Fonts GDPR Compliant (CWE-352) | 8.8 | - | 2023-11-06 |
| CVE-2023-25981 | WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) — Post Form (CWE-79) | 6.5 | Medium | 2023-08-25 |
| CVE-2022-38971 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) — Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions (CWE-79) | 4.7 | Medium | 2023-03-16 |

This page lists every published CVE security advisory associated with themekraft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.