Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8246 | Hig | 0.50 | 8.8 | 0.00 | Sep 14, 2024 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting… | ||
| CVE-2024-1170 | Hig | 0.46 | 8.2 | 0.01 | Mar 7, 2024 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all… | ||
| CVE-2024-1169 | Hig | 0.42 | 7.5 | 0.01 | Mar 7, 2024 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function… | ||
| CVE-2024-12038 | Med | 0.35 | 6.4 | 0.00 | Feb 22, 2025 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15… | ||
| CVE-2024-12037 | Med | 0.35 | 6.4 | 0.00 | Jan 31, 2025 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and… | ||
| CVE-2024-1158 | Med | 0.28 | 4.3 | 0.01 | Mar 13, 2024 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all… |
- risk 0.50cvss 8.8epss 0.00
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting…
- risk 0.46cvss 8.2epss 0.01
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all…
- risk 0.42cvss 7.5epss 0.01
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function…
- risk 0.35cvss 6.4epss 0.00
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15…
- risk 0.35cvss 6.4epss 0.00
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and…
- risk 0.28cvss 4.3epss 0.01
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all…