Every CVE whose affected-product data names Buddypress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-10011 — CVSS 8.1 (high): The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter…
CVE-2021-21389 — CVSS 8.1 (high): BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible…
CVE-2020-5244 — CVSS 8.0 (high): In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not…
CVE-2012-2109 — CVSS 7.5 (high): SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute…
CVE-2025-23798 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in…
CVE-2023-50880 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress…
CVE-2014-1889 — CVSS 6.5 (medium): The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of…
CVE-2024-4892 — CVSS 6.4 (medium): The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to…
CVE-2024-3974 — CVSS 6.4 (medium): The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and…
CVE-2014-1888 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject…
CVE-2017-6954 — CVSS 4.3 (medium): An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for…