BuddyForms
Themekraft
Developer
2.9.0
Latest version
1,000
Installations
No date
Last updated
Vulnerability history
2 present
17 patched
11 Mitigation rules
- Broken Access Control vulnerability<= 2.9.019/10/2025
- Local File Inclusion vulnerability<= 2.9.004/04/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability<= 2.8.1521/02/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.1331/01/2025
- Cross Site Scripting (XSS) vulnerability<= 2.8.1230/09/2024
- Authenticated (Contributor+) Privilege Escalation vulnerability<= 2.8.1116/09/2024
- Email Verification Bypass due to Insufficient Randomness vulnerability<= 2.8.905/06/2024
- WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability<= 2.8.822/04/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.8.525/03/2024
- Missing Authorization to Unauthenticated Media Deletion vulnerability<= 2.8.707/03/2024
- Missing Authorization vulnerability<= 2.8.707/03/2024
- Missing Authorization to Unauthenticated Media Upload vulnerability<= 2.8.707/03/2024
- Reflected Cross Site Scripting (XSS) vulnerability< 2.8.318/07/2023
- Cross Site Scripting (XSS) vulnerability<= 2.8.112/05/2023
- PHAR Deserialization vulnerability<= 2.7.721/02/2023
- Auth. Stored Cross-Site Scripting (XSS) vulnerability<= 2.7.527/10/2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 2.6.228/02/2022
- Sensitive Information Disclosure vulnerability<= 2.6.228/02/2022
- Authenticated Option Update vulnerability (Fremius Library security issue)<= 2.3.105/03/2019