Known Vulnerabilities for products from Badgeos
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Badgeos".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-47647 json | Not Provided | 2025-01-02 | 2026-04-28 | |
| CVE-2023-2174 json | The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ... | Not Provided | 2023-08-31 | 2026-04-08 |
| CVE-2023-2173 json | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6.... | Not Provided | 2023-08-31 | 2026-04-08 |
| CVE-2023-2172 json | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6.... | Not Provided | 2023-08-31 | 2026-04-08 |
| CVE-2023-2171 json | The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to... | Not Provided | 2023-08-31 | 2026-04-08 |
| CVE-2022-41987 json | Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions. | 8.8 - HIGH | 2023-05-25 | 2023-05-31 |
| CVE-2022-2958 json | The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via A... | 8.8 - HIGH | 2022-09-19 | 2022-09-21 |
| CVE-2022-0817 json | The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an... | 9.8 - CRITICAL | 2022-05-09 | 2022-05-16 |