CVE-2024-47377 – WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47377
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12. The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.8.12 due to insufficient input sanitization and output escaping. This... • https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32830 – WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability
https://notcve.org/view.php?id=CVE-2024-32830
22 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8. The Post Form – Registration... • https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-30198 – WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30198
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5. The BuddyForms plugin for WordPress is vulnerable to Reflected Cross-Site Script... • https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')