BadgeOS

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   BadgeOS

Information

Software Type Plugin
Software Slug badgeos (view on wordpress.org)
Software Status Removed
Software Author learningtimes
Software Website www.badgeos.org
Software Downloads 300,508
Software Active Installs 3,000
Software Record Last Updated September 21, 2023

7 vulnerabilities

BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
5.4
CVE-2023-2171
Jul 5, 2023
Researcher: Alex Thomas
BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion
6.5
CVE-2023-2173
Jul 5, 2023
Researcher: Alex Thomas
BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
4.3
CVE-2023-2172
Jul 5, 2023
Researcher: Alex Thomas
BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries
4.3
CVE-2023-2174
Jul 5, 2023
Researcher: Alex Thomas
BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery
4.3
CVE-2022-41987
Apr 18, 2023
Researcher: Lana Codes
BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2022-2958
Aug 23, 2022
Researcher: cydave
BadgeOS <= 3.7.0 - Unauthenticated SQL Injection
9.8
CVE-2022-0817
Apr 13, 2022
Researcher: cydave
Title CVE ID CVSS Researchers Date
BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-2171 5.4 Alex Thomas July 5, 2023
BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion CVE-2023-2173 6.5 Alex Thomas July 5, 2023
BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite CVE-2023-2172 4.3 Alex Thomas July 5, 2023
BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries CVE-2023-2174 4.3 Alex Thomas July 5, 2023
BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery CVE-2022-41987 4.3 Lana Codes April 18, 2023
BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection CVE-2022-2958 8.8 cydave August 23, 2022
BadgeOS <= 3.7.0 - Unauthenticated SQL Injection CVE-2022-0817 9.8 cydave April 13, 2022

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation