Vulnerability Database

318,755

Total vulnerabilities in the database

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Published: Jun 5, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-5149
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-330

Affected Software
References

Software	From	Fixed in
themekraft / buddyforms	-	2.8.9.x

https://plugins.trac.wordpress.org/browser/buddyforms/tags/2.8.9/includes/wp-insert-user.php#L334
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo