Buddyboss Buddyboss_platform
7 CVEs affecting Buddyboss Buddyboss_platform. Latest disclosed: 2025-05-15. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-1909 | Critical | 9.8 | 2025-05-05 | The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient ve… |
| CVE-2024-13860 | Medium | 6.4 | 2025-05-02 | The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and includi… |
| CVE-2024-13859 | Medium | 6.4 | 2025-05-02 | The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, a… |
| CVE-2024-13858 | Medium | 6.4 | 2025-05-02 | The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions u… |
| CVE-2024-13402 | Medium | 6.4 | 2025-02-27 | The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2… |
| CVE-2024-4886 | Medium | 4.3 | 2024-06-05 | The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request |
| CVE-2024-12767 | Low | 3.5 | 2025-05-15 | The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts |