bbPress

Vulnerabilities 17Slug bbpressLatest version 2.6.14WordPress.org →

Minimum safe version

2.6.12

Update to 2.6.12 or later to address 17 fixable vulnerabilities

Latest available2.6.14
Medium 6.3
2025-03-05< 2.6.12

WordPress bbPress Plugin <= 2.6.11 is vulnerable to Cross Site Request Forgery (CSRF)

EUVDPatchstackWordfenceCVE
N/A
2016-05-03< 2.5.9

bbPress < 2.5.9 - Stored Cross-Site Scripting

Wordfence
N/A
2016-07-13< 2.5.10

bbPress <= 2.5.9 - Cross-Site Scripting

Wordfence
N/A
2017-11-13< 2.5.13

bbPress < 2.5.13 - Unauthenticated Blind SQL Injection

Wordfence
N/A
< 2.0

bbPress - Multiple Script Malformed Input Path Disclosure

WPScan
N/A
< 2.0

bbPress - forum.php page Parameter SQL Injection

WPScan
N/A
< 2.5.9

bbPress &lt;= 2.5.8 - Stored Cross-Site Scripting (XSS)

WPScan
N/A
< 2.5.10

bbPress &lt;= 2.5.9 - Display Name &amp; Avatar Potential Cross-Site Scripting (XSS)

WPScan
N/A
< 2.5.13

bbPress &lt;= 2.5.12 - Unauthenticated SQL Injection

WPScan
N/A
< 2.6.0

bbPress &lt; 2.6.0 - Subscriber+ Stored Cross-Site Scripting via Post Slug

WPScan
N/A
≥ 2.6 and < 2.6.5

bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderator feature

WPScan
N/A
2012-11-01< 1.1

WordPress bbPress Plugin - Multiple Vulnerabilities

Patchstack
N/A
2016-05-03< 2.5.9

WordPress bbPress Plugin <= 2.5.8 - Stored Cross Site Scripting

Patchstack
N/A
2016-07-14< 2.5.10

WordPress bbPress Plugin <= 2.5.9 - Cross Site Scripting

Patchstack
N/A
2020-05-28< 2.6.5

WordPress bbPress plugin <= 2.6.4 - Authenticated Privilege Escalation vulnerability

Patchstack
Medium 4.8
2020-05-28< 2.6.5

bbPress <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting via the forums list table

WordfenceCVEWPScan
Critical 9.8
2020-05-29< 2.6.5

WordPress bbPress plugin <= 2.6.4 - Unauthenticated Privilege Escalation vulnerability

PatchstackCVEWordfenceWPScan