Known Vulnerabilities for BuddyPress by Buddypress
Listed below are 10 of the newest known vulnerabilities associated with "BuddyPress" by "Buddypress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5144 json | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9... | Not Provided | 2026-04-11 | 2026-04-11 |
| CVE-2025-62760 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Act... | Not Provided | 2025-12-31 | 2026-04-01 |
| CVE-2025-58263 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Not... | Not Provided | 2025-09-22 | 2026-04-01 |
| CVE-2025-48158 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProf... | Not Provided | 2025-08-20 | 2026-04-01 |
| CVE-2025-47548 json | Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress activity... | Not Provided | 2025-05-07 | 2026-04-01 |
| CVE-2025-31812 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas BuddyPress Member... | Not Provided | 2025-04-01 | 2026-04-01 |
| CVE-2025-31033 json | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Reque... | Not Provided | 2025-04-09 | 2026-04-01 |
| CVE-2025-31006 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity React... | Not Provided | 2025-04-17 | 2026-04-01 |
| CVE-2025-30957 json | Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploi... | Not Provided | 2025-06-06 | 2026-04-01 |
| CVE-2025-24538 json | Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cr... | Not Provided | 2025-01-27 | 2026-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Buddypress | Buddypress | 5.1.2 | |||
| Application | Buddypress | Buddypress | 3.0 | |||
| Application | Buddypress | Buddypress | 2.9.3 | |||
| Application | Buddypress | Buddypress | 2.9.2 | |||
| Application | Buddypress | Buddypress | 2.9.0 | |||
| Application | Buddypress | Buddypress | 2.9.0 | |||
| Application | Buddypress | Buddypress | 2.8.1 | |||
| Application | Buddypress | Buddypress | 2.8.0 | |||
| Application | Buddypress | Buddypress | 2.8.0 | |||
| Application | Buddypress | Buddypress | 2.7.4 | |||
| Application | Buddypress | Buddypress | 2.7.1 | |||
| Application | Buddypress | Buddypress | 2.7.0 | |||
| Application | Buddypress | Buddypress | 2.7.0 | |||
| Application | Buddypress | Buddypress | 2.7.0 | |||
| Application | Buddypress | Buddypress | 2.5.0 | |||
| Application | Buddypress | Buddypress | 2.4.2 | |||
| Application | Buddypress | Buddypress | 2.4.0 | |||
| Application | Buddypress | Buddypress | 2.3.5 | |||
| Application | Buddypress | Buddypress | 2.3.4 | |||
| Application | Buddypress | Buddypress | 2.3.3 |