Cross-site Scripting Vulnerability in BuddyPress Plugin for WordPress
CVE-2014-1888

Currently unrated

Key Information:

Vendor

Wordpress
Status
Buddypress
Vendor
CVE Published:
1 March 2014

What is CVE-2014-1888?

This vulnerability allows remote authenticated users to inject arbitrary web script or HTML through the name field when creating groups in BuddyPress. If exploited, it can compromise user sessions and potentially lead to unauthorized actions on behalf of the user. Additionally, this vulnerability can be exploited without the need for authentication by leveraging related vulnerabilities, heightening the overall risk to users and the platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/65555
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/91175
vdb-entryx_refsource_XF
http://secunia.com/advisories/56950
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.