Buddyboss Buddyboss Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Buddyboss Buddyboss Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-1909 — CVSS 9.8 (critical): The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is…
CVE-2024-13402 — CVSS 6.4 (medium): The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions…
CVE-2024-13858 — CVSS 6.4 (medium): The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’…
CVE-2024-13860 — CVSS 6.4 (medium): The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all…
CVE-2024-13859 — CVSS 6.4 (medium): The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function…
CVE-2024-4886 — CVSS 4.3 (medium): The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
CVE-2024-12767 — CVSS 3.5 (low): The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private…