An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
Max CVSS: 9.8 | EPSS Score: 83.25% | Published: 2020-05-29 | Updated: 2021-12-13
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
Max CVSS: 4.8 | EPSS Score: 0.27% | Published: 2020-05-26 | Updated: 2020-05-28
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
Max CVSS: 5.0 | EPSS Score: 0.29% | Published: 2011-09-23 | Updated: 2012-03-13
bbPress through 1.0.2 has XSS in the /bb-login.php URL via the re parameter.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2020-02-05 | Updated: 2020-02-06
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."
Max CVSS: 7.5 | EPSS Score: 0.87% | Published: 2007-06-15 | Updated: 2011-03-08
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
Max CVSS: 4.3 | EPSS Score: 0.66% | Published: 2007-06-15 | Updated: 2017-07-29
6 vulnerabilities found