BuddyForms < 2.7.6 – Contributor+ Stored XSS | CVE 2022-38971

Affects Plugins

buddyforms

Fixed in 2.7.6

References

CVE

CVE-2022-38971

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

thiennv

Verified

No

WPVDB ID

125cf1e0-c4e0-4a81-bae2-033adbc6cfb9

Timeline

Publicly Published

2022-10-27 (about 3 years ago)

Added

2023-03-17 (about 3 years ago)

Last Updated

2023-03-17 (about 3 years ago)

Other

Published

Title

Published

2024-03-28

Title

130+ Widgets | Best Addons For Elementor – FREE < 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-06-26

Title

Ninja Forms < 3.10.2.2 - Contributor+ Stored XSS via CSTI

Published

2025-04-02

Title

Unlimited Elements For Elementor < 1.5.143 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-04-04

Title

Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy

Published

2025-11-07

Title

Mang Board WP < 2.3.2 - Reflected Cross-Site Scripting