Email Verification Bypass Vulnerability Affects All Versions of BuddyForms Plugin

CVE-2024-5149

5.3MEDIUM

Key Information

Vendor: Svenl77
Status: Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (ugc)
Vendor: CVE Published:; 5 June 2024

Summary

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affected Version(s)

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.9

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 5, 2024
Vulnerability Reserved.
May 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

István Márton