Unrated severityNVD Advisory· Published Oct 27, 2025· Updated Apr 28, 2026No known patch
WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability
No known patch is available for this vulnerability.
The affected plugin has not been updated on WordPress.org since before this CVE was disclosed; the latest installable version is still vulnerable. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
CVE-2025-62973
Description
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.9.0+ 1 more
- (no CPE)range: <=2.9.0
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.