Themekraft: Security Vulnerabilities
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-25
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-03-16
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
CVSS Score
9.8
EPSS Score
0.402
Published
2023-02-23
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-27
Page 2