Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (Ugc)
Approved changes feed: RSS · Atom
cpe:2.3:a:themekraft:post_form_–_registration_form_–_profile_form_for_user_profiles_–_frontend_content_forms_for_user_submissions_(ugc):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Themekraft (0a38db96-7a4d-5481-be58-9f9a542a5ea6) |
|---|---|
| Product | Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (Ugc) (bcb1691d-c8ee-5499-8b42-02950a549ff9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8246 |
vulnerable | 2026-06-08 07:00:23.359709 |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation
HIGH (8.8)
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.
Published: 2024-09-14T03:19:27.488Z
Updated: 2026-04-08T16:48:24.571Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5149 |
vulnerable | 2026-06-08 06:56:15.005912 |
BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
MEDIUM (6.5)
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
Published: 2024-06-05T04:32:25.171Z
Updated: 2026-04-08T17:13:20.043Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1170 |
vulnerable | 2026-06-08 06:25:39.448401 |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion
HIGH (8.2)
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.
Published: 2024-03-07T11:01:57.635Z
Updated: 2026-04-08T16:46:27.040Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1169 |
vulnerable | 2026-06-08 06:25:39.446430 |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload
HIGH (7.5)
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.
Published: 2024-03-07T11:01:58.218Z
Updated: 2026-04-08T16:59:20.960Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1158 |
vulnerable | 2026-06-08 06:25:39.423824 |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization
MEDIUM (4.3)
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.
Published: 2024-03-13T15:26:34.952Z
Updated: 2026-04-08T16:37:53.681Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12038 |
vulnerable | 2026-06-08 06:23:51.041757 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12037 |
vulnerable | 2026-06-08 06:23:51.041222 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4974 |
vulnerable | 2026-06-08 05:52:02.472956 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.