Vulnerabilities in ThemeKraft
21 results

CVE-2024-2025 | HIGH | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request | EPSS 0.8%
CVE-2025-32151 | HIGH | WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability | EPSS 0.8%
CVE-2024-1170 | HIGH | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | EPSS 0.7%
CVE-2024-32830 | HIGH | WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability | EPSS 0.6%
CVE-2024-1169 | HIGH | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | EPSS 0.6%
CVE-2024-32603 | HIGH | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability | EPSS 0.5%
CVE-2024-1158 | MEDIUM | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization | EPSS 0.5%
CVE-2024-8246 | HIGH | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | EPSS 0.4%
CVE-2022-4974 | MEDIUM | Freemius SDK <= 2.4.2 - Missing Authorization Checks | EPSS 0.4%
CVE-2022-38971 | MEDIUM | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2024-5149 | MEDIUM | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | EPSS 0.4%
CVE-2023-25981 | MEDIUM | WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2024-35726 | MEDIUM | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-30198 | MEDIUM | WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-47377 | MEDIUM | WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-1780 | MEDIUM | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update | EPSS 0.2%
CVE-2024-13358 | MEDIUM | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | EPSS 0.2%
CVE-2024-12037 | MEDIUM | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2024-12038 | MEDIUM | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | EPSS 0.2%
CVE-2023-5823 | MEDIUM | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.2%