VYPR

Buddypress Force Password Change

by WordPress

CVEs (1)

  • CVE-2025-3793MedApr 24, 2025
    risk 0.27cvss 4.2epss 0.00

    The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and…