cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12221,https://securityvulnerability.io/vulnerability/CVE-2024-12221,Reflected Cross-Site Scripting Vulnerability in Turnkey bbPress by WeaverTheme for WordPress,"The Turnkey bbPress plugin developed by WeaverTheme for WordPress has a vulnerability that allows for reflected cross-site scripting via the ‘_wpnonce’ parameter. This vulnerability exists in all versions up to and including 1.6.3, where inadequate input sanitization and output escaping procedures create an opportunity for unauthenticated attackers. If attackers can deceive users into clicking malicious links, they can execute arbitrary web scripts on the affected pages, potentially compromising user data and site integrity.",Wordpress,Turnkey Bbpress By Weavertheme,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-04T09:22:37.090Z,0
CVE-2023-41951,https://securityvulnerability.io/vulnerability/CVE-2023-41951,"WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability","A missing authorization vulnerability exists in rtMedia for WordPress, BuddyPress, and bbPress, allowing attackers to exploit improperly configured access control security levels. This could lead to unauthorized access to sensitive data and functionalities within the affected applications. It is crucial for users of rtMedia versions n/a through 4.6.14 to review their security configurations to prevent potential exploitation.",Wordpress,"Rtmedia For WordPress, Buddypress And Bbpress",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-13T14:24:24.851Z,0
CVE-2024-11278,https://securityvulnerability.io/vulnerability/CVE-2024-11278,Reflected Cross-Site Scripting Vulnerability in BBPress Attachments Plugin,"The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Gd Bbpress Attachments,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-20T04:31:28.809Z,0
CVE-2024-9896,https://securityvulnerability.io/vulnerability/CVE-2024-9896,bbPress Core Vulnerable to Reflected Cross-Site Scripting,"The BBP Core plugin for WordPress is susceptible to a Reflected Cross-Site Scripting vulnerability. This issue arises due to the use of the add_query_arg function without proper escaping on the URL across all versions through 1.2.5. As a result, unauthenticated attackers could exploit this vulnerability by crafting malicious links that, when clicked by users, execute arbitrary web scripts. Such exploitation poses significant security risks, making it imperative for users and administrators to ensure that they are using the latest, patched version of the plugin.",Wordpress,Bbp Core – Expand Bbpress Powered Forums With Useful Features,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-02T07:34:03.396Z,0
CVE-2024-3293,https://securityvulnerability.io/vulnerability/CVE-2024-3293,Blind SQL Injection Vulnerability in rtMedia Plugin Affects Sensitive Data,"The rtMedia for WordPress plugin, which supports BuddyPress and bbPress, has a vulnerability that allows for blind SQL Injection. This occurs through the rtmedia_gallery shortcode owing to inadequate escaping of user-supplied parameters and insufficient query preparation. As a result, authenticated attackers with contributor-level access or higher can inject additional SQL queries into existing ones, which may lead to unauthorized access to sensitive database information. This security flaw emphasizes the importance of proper input validation and secure coding practices in WordPress plugin development.",Wordpress,"Rtmedia For WordPress, Buddypress And Bbpress",8.8,HIGH,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-23T02:15:00.000Z,0
CVE-2023-5939,https://securityvulnerability.io/vulnerability/CVE-2023-5939,"rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE","The rtMedia plugin for WordPress, which supports BuddyPress and bbPress, contains a vulnerability that allows privileged users to execute arbitrary code remotely. This occurs due to the improper handling of imported file contents in versions before 4.6.16. If exploited, this weakness can lead to severe security risks, including unauthorized actions taken by attackers with elevated privileges. Website administrators are strongly encouraged to update to the latest version to mitigate this issue.",Wordpress,"rtMedia for WordPress, BuddyPress and bbPress",7.2,HIGH,0.0021800000686198473,false,,false,false,false,,false,false,2023-12-26T19:15:00.000Z,0
CVE-2023-5931,https://securityvulnerability.io/vulnerability/CVE-2023-5931,"rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE","The rtMedia plugin for WordPress, BuddyPress, and bbPress prior to version 4.6.16 is susceptible to a file upload vulnerability. This flaw results from improper validation of uploaded files, allowing users with low-privilege accounts, such as subscribers, to potentially upload arbitrary files, including PHP scripts. Such uploads could lead to unauthorized command execution on the server, posing significant security risks to affected WordPress sites.",Wordpress,"rtMedia for WordPress, BuddyPress and bbPress",8.8,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-12-26T19:15:00.000Z,0
CVE-2022-45816,https://securityvulnerability.io/vulnerability/CVE-2022-45816,WordPress GD bbPress Attachments Plugin <= 4.3.1 is vulnerable to Cross Site Scripting (XSS),Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.,Wordpress,Gd Bbpress Attachments,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-12-06T21:32:27.423Z,0
CVE-2020-13693,https://securityvulnerability.io/vulnerability/CVE-2020-13693,,An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.,Wordpress,Bbpress,9.8,CRITICAL,0.728410005569458,false,,false,false,false,,false,false,2020-05-29T00:15:00.000Z,0
CVE-2020-13487,https://securityvulnerability.io/vulnerability/CVE-2020-13487,,"The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.",Wordpress,Bbpress,4.8,MEDIUM,0.00279000005684793,false,,false,false,false,,false,false,2020-05-26T13:10:48.000Z,0
CVE-2018-21006,https://securityvulnerability.io/vulnerability/CVE-2018-21006,,The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.,Wordpress,Bbpress Move Topics,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2019-08-27T11:56:05.000Z,0
CVE-2018-21005,https://securityvulnerability.io/vulnerability/CVE-2018-21005,,The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.,Wordpress,Bbpress Move Topics,9.8,CRITICAL,0.001829999964684248,false,,false,false,false,,false,false,2019-08-27T11:54:00.000Z,0
CVE-2015-5481,https://securityvulnerability.io/vulnerability/CVE-2015-5481,,Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.,Wordpress,Gd Bbpress Attachments,,,0.024720000103116035,false,,false,false,false,,false,false,2015-08-18T17:00:00.000Z,0
CVE-2015-5482,https://securityvulnerability.io/vulnerability/CVE-2015-5482,,Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.,Wordpress,Gd Bbpress Attachments,,,0.0017900000093504786,false,,false,false,false,,false,false,2015-08-18T17:00:00.000Z,0