Known Vulnerabilities for products from Buddypress
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Buddypress".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-62760 | Not Provided | 2025-12-31 | 2026-04-01 | |
| CVE-2025-58263 | Not Provided | 2025-09-22 | 2026-04-01 | |
| CVE-2025-48158 | Not Provided | 2025-08-20 | 2026-04-01 | |
| CVE-2025-47548 | Not Provided | 2025-05-07 | 2026-04-01 | |
| CVE-2025-31812 | Not Provided | 2025-04-01 | 2026-04-01 | |
| CVE-2025-31033 | Not Provided | 2025-04-09 | 2026-04-01 | |
| CVE-2025-31006 | Not Provided | 2025-04-17 | 2026-04-01 | |
| CVE-2025-30957 | Not Provided | 2025-06-06 | 2026-04-01 | |
| CVE-2025-24538 | Not Provided | 2025-01-27 | 2026-04-01 | |
| CVE-2025-23798 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messagin... | Not Provided | 2025-01-22 | 2026-04-01 |
| CVE-2021-21389 | BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it... | 8.8 - HIGH | 2021-03-26 | 2021-04-01 |
| CVE-2020-5244 | In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authenti... | 7.5 - HIGH | 2020-02-24 | 2020-02-25 |
| CVE-2017-6954 | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible fo... | 4.3 - MEDIUM | 2017-03-17 | 2019-10-03 |
| CVE-2014-1889 | The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain cont... | 6.5 - MEDIUM | 2018-04-10 | 2019-04-26 |
| CVE-2014-1888 | Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated user... | 4.3 - MEDIUM | 2014-03-01 | 2018-10-30 |
| CVE-2012-2109 | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers t... | 7.5 - HIGH | 2012-09-04 | 2018-10-30 |
Known software with vulnerabilities from Buddypress
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Buddypress | Buddypress | 1.0 |
| Application | Buddypress | Buddypress Plugin | 1.5 |