Product

buddypress

11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-23798
<= 2.2.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in
7.1 HIGH
CVE-2024-10011
<= 14.1.0
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id p
8.1 HIGH
CVE-2024-4892
< 12.5.1
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions
6.4 MEDIUM
CVE-2024-3974
< 12.4.1
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up
6.4 MEDIUM
CVE-2023-50880
<= 11.3.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community Bud
6.5 MEDIUM
CVE-2021-21389
>= 5.0.0 and < 7.2.1
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's po
8.1 HIGH
CVE-2020-5244
>= 5.0.0 and < 5.1.2
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authenticatio
8.0 HIGH
CVE-2014-1889
< 1.9.2
The Group creation process in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control o
6.5 MEDIUM
CVE-2017-6954
<= 1.9.2
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for aut
4.3 MEDIUM
CVE-2014-1888
<= 1.9
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to
CVE-2012-2109
all versions
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to exe
threatengine.sh