Buddyboss Buddyboss_platform

7 CVEs affecting Buddyboss Buddyboss_platform. Latest disclosed: 2025-05-15. Critical: 1, High: 0.

Top CVEs affecting Buddyboss Buddyboss_platform
CVESeverityScorePublishedSummary
CVE-2025-1909Critical9.82025-05-05The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient ve…
CVE-2024-13860Medium6.42025-05-02The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and includi…
CVE-2024-13859Medium6.42025-05-02The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, a…
CVE-2024-13858Medium6.42025-05-02The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions u…
CVE-2024-13402Medium6.42025-02-27The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2…
CVE-2024-4886Medium4.32024-06-05The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
CVE-2024-12767Low3.52025-05-15The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts