Themekraft Buddyforms

11 CVEs affecting Themekraft Buddyforms. Latest disclosed: 2025-10-27. Critical: 2, High: 3.

Top CVEs affecting Themekraft Buddyforms
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-26326 | Critical | 9.8 | 2023-02-23 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker cou… |
| CVE-2018-21003 | Critical | 9.8 | 2019-08-27 | The buddyforms plugin before 2.2.8 for WordPress has SQL injection. |
| CVE-2024-8246 | High | 8.8 | 2024-09-14 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to pr… |
| CVE-2024-32830 | High | 8.6 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relat… |
| CVE-2025-32151 | High | 7.5 | 2025-04-04 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allow… |
| CVE-2024-5149 | Medium | 6.5 | 2024-06-05 | The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently ran… |
| CVE-2024-12038 | Medium | 6.4 | 2025-02-22 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to St… |
| CVE-2024-47377 | Medium | 5.9 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themekraft BuddyForms buddyforms allows Stored XSS. This i… |
| CVE-2024-30198 | Medium | 5.8 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue aff… |
| CVE-2025-62973 | Medium | 5.3 | 2025-10-27 | Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Budd… |
| CVE-2024-1158 | Medium | 4.3 | 2024-03-13 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to un… |