Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Themekraft Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38971 1 Themekraft 1 Post Form Registration Form Profile Form For User Profiles And Content Forms 2023-03-22 N/A 5.4 MEDIUM
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
CVE-2023-26326 1 Themekraft 1 Buddyforms 2023-03-03 N/A 9.8 CRITICAL
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
CVE-2018-21003 1 Themekraft 1 Buddyforms 2019-08-28 7.5 HIGH 9.8 CRITICAL
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.