Boss Media Buddyboss Platform vulnerabilities

4 known vulnerabilities affecting boss_media/buddyboss_platform.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2024-13858 | MEDIUM | CVSS 5.4 | ≤ 2.8.50 | 2025-05-02
CWE-79: The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress are vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces
Sources: cvelistv5, nvd

CVE-2024-13859 | MEDIUM | CVSS 5.4 | ≤ 2.8.50 | 2025-05-02
CWE-79: The BuddyBoss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary
Sources: cvelistv5, nvd

CVE-2024-13860 | MEDIUM | CVSS 5.4 | ≤ 2.8.50 | 2025-05-02
CWE-79: The BuddyBoss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web script
Sources: cvelistv5, nvd

CVE-2024-13402 | MEDIUM | CVSS 5.4 | ≤ 2.7.70 | 2025-02-27
CWE-79: The BuddyBoss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in
Sources: cvelistv5, nvd