Medium severity6.5NVD Advisory· Published Jun 5, 2024· Updated Apr 8, 2026
CVE-2024-5149
CVE-2024-5149
Description
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*range: <=2.8.9
- (no CPE)range: <=2.8.9
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.