GCVE - cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Themekraft (`0a38db96-7a4d-5481-be58-9f9a542a5ea6`)
Product	Post Form (`89cd6623-c8fc-5d14-8e10-bb46e5684afd`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1170`	vulnerable	2026-06-08 06:25:39.448578	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion HIGH (8.2) The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files. Published: 2024-03-07T11:01:57.635Z Updated: 2026-04-08T16:46:27.040Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493 https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1169`	vulnerable	2026-06-08 06:25:39.447908	Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload HIGH (7.5) The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files. Published: 2024-03-07T11:01:58.218Z Updated: 2026-04-08T16:59:20.960Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466 https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25981`	vulnerable	2026-06-08 05:56:11.867016	WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) MEDIUM (6.5) Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. Published: 2023-08-25T09:54:38.822Z Updated: 2026-04-28T16:08:11.010Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.