bbpress/bbpress
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bbpress/bbpresspage 1 of 1
- CVE-2011-1150MEDIUMCVSS 6.1EG 6.12020-02-05
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
- CVE-2020-13487MEDIUMCVSS 4.8EG 4.82020-05-26
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit th…
- CVE-2020-13693CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.6.52020-05-29
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
Check whether bbpress/bbpress is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for bbpress/bbpress CVEs against the assets you own.
Start Free Scan →