Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bbpress bbpress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin prior to 2.6.5 for WordPress when New User Registration is enabled.
Bbpress Bbpress
4.8
CVSSv3
CVE-2020-13487
The bbPress plugin up to and including 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?a...
Bbpress Bbpress
6.1
CVSSv3
CVE-2011-1150
bbPress up to and including 1.0.2 has XSS in /bb-login.php url via the re parameter.
Bbpress Bbpress
NA
CVE-2011-3710
bbPress 1.0.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
Bbpress Bbpress 1.0.2
NA
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress prior to 0.8.1 might allow remote malicious users to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug.&q...
Bbpress Bbpress 0.8
NA
CVE-2007-3243
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote malicious users to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
Bbpress Bbpress 0.8.1
1 EDB exploit
9.8
CVSSv3
CVE-2018-21005
The bbp-move-topics plugin prior to 1.1.6 for WordPress has code injection.
Bbpress Move Topics Project Bbpress Move Topics
8.8
CVSSv3
CVE-2018-21006
The bbp-move-topics plugin prior to 1.1.6 for WordPress has CSRF.
Bbpress Move Topics Project Bbpress Move Topics
4.8
CVSSv3
CVE-2023-24403
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.
Wpforthewin Bbpress Voting
8.8
CVSSv3
CVE-2023-34031
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
Casier Bbpress Toolkit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »