BuddyForms
Themekraft
Developer
2.9.0
Latest version
1,000
Installations
Jun 4, 2025
Last updated
Vulnerability history
2 present
17 fixed
11 Mitigation rules
- Broken Access Control vulnerability<= 2.9.0Oct 19, 2025
- Local File Inclusion vulnerability<= 2.9.0Apr 4, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability<= 2.8.15Feb 21, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.13Jan 31, 2025
- Cross Site Scripting (XSS) vulnerability<= 2.8.12Sep 30, 2024
- Authenticated (Contributor+) Privilege Escalation vulnerability<= 2.8.11Sep 16, 2024
- Email Verification Bypass due to Insufficient Randomness vulnerability<= 2.8.9Jun 5, 2024
- WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability<= 2.8.8Apr 22, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.8.5Mar 25, 2024
- Missing Authorization to Unauthenticated Media Deletion vulnerability<= 2.8.7Mar 7, 2024
- Missing Authorization vulnerability<= 2.8.7Mar 7, 2024
- Missing Authorization to Unauthenticated Media Upload vulnerability<= 2.8.7Mar 7, 2024
- Reflected Cross Site Scripting (XSS) vulnerability< 2.8.3Jul 18, 2023
- Cross Site Scripting (XSS) vulnerability<= 2.8.1May 12, 2023
- PHAR Deserialization vulnerability<= 2.7.7Feb 21, 2023
- Auth. Stored Cross-Site Scripting (XSS) vulnerability<= 2.7.5Oct 27, 2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 2.6.2Feb 28, 2022
- Sensitive Information Disclosure vulnerability<= 2.6.2Feb 28, 2022
- Authenticated Option Update vulnerability (Fremius Library security issue)<= 2.3.1Mar 5, 2019