Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Themekraft Subscribe
Filtered by product Buddyforms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26326 1 Themekraft 1 Buddyforms 2023-03-03 N/A 9.8 CRITICAL
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
CVE-2018-21003 1 Themekraft 1 Buddyforms 2019-08-28 7.5 HIGH 9.8 CRITICAL
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.