Lucene search
Hoangkien1020H1:1107282HistoryFeb 19, 2021 - 3:37 p.m.
WordPress: Privilege Escalation via REST API to Administrator leads to RCE
2021-02-1915:37:40
hoangkien1020
hackerone.com
33
wordpress
privilege escalation
buddypress
rest-api
administrator access
remote code execution
bug bounty
EPSS
0.824
Percentile
98.5%
Kien Hoang reported a privilege escalation vulnerability in the BuddyPress REST-API. Through this issue, if registrations for new users is enabled, a non-admin user can gain administrator access on the site.
The administrator access can then lead to remote code execution, as admins have the right to run code on the site.
Related
osv
osv
BuddyPress privilege escalation via REST API
2021-10-06 17:46:55
CVE-2021-21389
2021-03-26 21:15:13
cvelist
cvelist
CVE-2021-21389 BuddyPress privilege escalation via REST API
2021-03-26 20:15:14
prion
prion
Design/Logic Flaw
2021-03-26 21:15:00
githubexploit
githubexploit
Exploit for Incorrect Authorization in Buddypress
2021-05-31 14:12:26
checkpoint_advisories
checkpoint_advisories
WordPress BuddyPress Plugin Privilege Escalation (CVE-2021-21389)
2021-08-02 00:00:00
patchstack
patchstack
WordPress BuddyPress plugin <= 7.2.0 - Privilege Escalation vulnerability
2021-03-17 00:00:00
github
github
BuddyPress privilege escalation via REST API
2021-10-06 17:46:55
cve
cve
CVE-2021-21389
2021-03-26 21:15:13
wpvulndb
wpvulndb
BuddyPress < 7.2.1 - REST API Privilege Escalation
2021-03-17 00:00:00
openvas
openvas
WordPress BuddyPress Plugin 5.0.0 - 7.2.0 Privilege Escalation Vulnerability
2021-03-30 00:00:00
veracode
veracode
Privilege Escalation
2021-10-07 03:00:43
nuclei
nuclei
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
2021-06-21 05:33:14
nvd
nvd
CVE-2021-21389
2021-03-26 21:15:13