CVE-2023-26326 — CVSS 9.8 (critical): The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An…
CVE-2024-8246 — CVSS 8.8 (high): The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for…
CVE-2024-32830 — CVSS 8.6 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side…
CVE-2025-32151 — CVSS 7.5 (high): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft…
CVE-2024-5149 — CVSS 6.5 (medium): The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of…
CVE-2024-12038 — CVSS 6.4 (medium): The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for…
CVE-2024-47377 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themekraft BuddyForms buddyforms…
CVE-2024-30198 — CVSS 5.8 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows…
CVE-2025-62973 — CVSS 5.3 (medium): Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by…
CVE-2024-1158 — CVSS 4.3 (medium): The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for…