Themekraft Buddyforms
11 CVEs affecting Themekraft Buddyforms. Latest disclosed: 2025-10-27. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-26326 | Critical | 9.8 | 2023-02-23 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker cou… |
| CVE-2018-21003 | Critical | 9.8 | 2019-08-27 | The buddyforms plugin before 2.2.8 for WordPress has SQL injection. |
| CVE-2024-8246 | High | 8.8 | 2024-09-14 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to pr… |
| CVE-2024-32830 | High | 8.6 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relat… |
| CVE-2025-32151 | High | 7.5 | 2025-04-04 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allow… |
| CVE-2024-5149 | Medium | 6.5 | 2024-06-05 | The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently ran… |
| CVE-2024-12038 | Medium | 6.4 | 2025-02-22 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to St… |
| CVE-2024-47377 | Medium | 5.9 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themekraft BuddyForms buddyforms allows Stored XSS. This i… |
| CVE-2024-30198 | Medium | 5.8 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue aff… |
| CVE-2025-62973 | Medium | 5.3 | 2025-10-27 | Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Budd… |
| CVE-2024-1158 | Medium | 4.3 | 2024-03-13 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to un… |