Medium 5.3 Unfixed
2025-10-27≤ 2.9.0
CVE-2025-62973
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Minimum safe version
2.8.16
Update to 2.8.16 or later to address 26 fixable vulnerabilities
Latest available2.9.0 ✓⚠ 2 vulnerabilities have no fix
High 8.8 Unfixed
2025-04-04≤ 2.9.0
WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability
Medium 6.4
2025-02-22< 2.8.16
CVE-2024-12038
Medium 6.4
2025-01-31< 2.8.14
CVE-2024-12037
Medium 6.3
2024-10-16< 2.6.3
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.9
2024-10-05< 2.8.13
CVE-2024-47377
High 8.8
2024-09-16< 2.8.12
WordPress BuddyForms Plugin <= 2.8.11 is vulnerable to Privilege Escalation
Medium 5.3
2024-06-05< 2.8.10
CVE-2024-5149
High 7.5
2024-05-17< 2.8.9
CVE-2024-32830
Medium 5.8
2024-03-27< 2.8.6
CVE-2024-30198
Medium 4.3
2024-03-13< 2.8.8
CVE-2024-1158
High 7.5
2024-03-07< 2.8.8
CVE-2024-1169
High 8.2
2024-03-07< 2.8.8
CVE-2024-1170
N/A
2023-07-18< 2.8.3
WordPress BuddyForms Plugin < 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Medium 6.5
2023-08-25< 2.8.2
CVE-2023-25981
N/A
2023-05-11< 2.8.2
Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
N/A
2023-02-21< 2.7.8
WordPress BuddyForms Plugin <= 2.7.7 is vulnerable to PHP Object Injection
Critical 9.8
2023-02-23< 2.7.8
CVE-2023-26326
N/A
2023-02-20< 2.7.8
BuddyForms <= 2.7.7 - PHAR Deserialization
N/A
2019-02-25< 2.3.2
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
N/A
2022-03-04< 2.6.3
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
2022-06-26< 2.6.10
Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.6.9 - Cross-Site Scripting
Medium 4.7
2023-03-16< 2.7.3
CVE-2022-38971
N/A
< 2.3.2
Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update
N/A
2019-03-05< 2.3.2
WordPress BuddyForms plugin <= 2.3.1 - Authenticated Option Update vulnerability (Fremius Library security issue)
N/A
2022-02-28< 2.6.3
WordPress BuddyForms plugin <= 2.6.2 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 2.6.3
WordPress BuddyForms plugin <= 2.6.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Critical 9.8
2019-08-27< 2.2.8
CVE-2018-21003