Browse all 5 CVE security advisories affecting BuddyBoss. AI-powered Chinese analysis, POCs, and references for each vulnerability.
BuddyBoss provides a platform for creating online communities and learning management systems using WordPress. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The platform has addressed multiple critical security issues, with five CVEs recorded to date. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights the importance of regular updates and security hardening for implementations handling sensitive user data and community interactions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1909 | BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider — BuddyBoss Platform ProCWE-288 | 9.8 | Critical | 2025-05-05 |
| CVE-2023-45755 | WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) — BuddyPress Global SearchCWE-79 | 5.9 | Medium | 2023-10-24 |
| CVE-2023-32671 | BuddyBoss XSS vulnerability — BuddyBossCWE-79 | 6.3 | Medium | 2023-10-03 |
| CVE-2023-32670 | BuddyBoss XSS vulnerability — BuddyBossCWE-79 | 9.0 | Critical | 2023-10-03 |
| CVE-2023-32669 | Authorization Bypass on BuddyBoss — BuddyBossCWE-639 | 5.4 | Medium | 2023-10-03 |
This page lists every published CVE security advisory associated with BuddyBoss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.