CVE-2013-4944

BuddyPress Extended Friendship Request <1.0.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/94807

[Vendor Advisory] http://secunia.com/advisories/54048

[Product] http://wordpress.org/plugins/buddypress-extended-friendship-request/changelog/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85416

Scores

EPSS 0.0026

EPSS Percentile 49.7%

Details

CWE

CWE-79

Status published

Products (3)

fusedpress/buddypress-extended-frienship-request < 1.0.1

fusedpress/buddypress-extended-frienship-request

n/a/n/a

Published Jul 29, 2013

Tracked Since Feb 18, 2026