CVEDB API

Vulnerabilities

Vulnerable Software

Themekraft: >> Buddyforms >> 2.8.11 Security Vulnerabilities

CVE-2025-62973

Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.

CVSS Score

5.3

EPSS Score

0.0

Published

2025-10-27

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.

CVSS Score

7.5

EPSS Score

0.002

Published

2025-04-04

CVE-2024-12038

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Score

6.4

EPSS Score

0.001

Published

2025-02-22

CVE-2024-47377

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS.This issue affects BuddyForms: from n/a through 2.8.12.

CVSS Score

5.9

EPSS Score

0.001

Published

2024-10-05

CVE-2024-8246

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.

CVSS Score

8.8

EPSS Score

0.002

Published

2024-09-14

Page 1

Vulnerabilities

Vulnerable Software

Themekraft: >> Buddyforms >> 2.8.11 Security Vulnerabilities

Products

Pricing

Contact Us