WordPress Plugin Vulnerabilities

BuddyForms < 2.8.10 - Email Verification Bypass due to Insufficient Randomness

Description

The plugin is vulnerable to Email Verification Bypass via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affects Plugins

Plugin icon
buddyforms
Fixed in 2.8.10

References

CVE
CVE-2024-5149
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
aa238cd4-4329-4891-b4ff-8268a5e18ae2

Timeline

Publicly Published
2024-06-04 (about 1 year ago)
Added
2024-06-11 (about 1 year ago)
Last Updated
2024-09-26 (about 1 year ago)

Other

Published
Title
Published
2021-08-19
Title
WP Cerber Security < 8.9.3 - 2FA Authentication Bypass
Published
2022-07-11
Title
YOP Poll < 6.4.3 - IP Spoofing
Published
2010-12-15
Title
Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass
Published
2014-06-26
Title
JSON REST API 1.1 - JSONP SOP Bypass
Published
2025-11-26
Title
SKT PayPal for WooCommerce < 1.5 - Unauthenticated Payment Bypass