654 matches found
Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability
Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2263 Release Date: ============= 2020-11-13 Vulnerability Laboratory ID VL-ID: ===================================...
WordPress: Improper Access Control in Buddypress core allows reply,delete any user's activity
Description: Improper Access Control in Buddypress core allows reply,delete any user's activity in other public group,which they don't join. Steps To Reproduce: Step 1: Create two account A, B with two public groups Step 2: In group A-account A, create a new activity idA Step 3: In group B-accoun...
WordPress: Privilege Escalation in BuddyPress core allows Moderate to Administrator
Description: BuddyPress core allows Moderate to Administrator in Manage Group Members module Steps To Reproduce: Step 1 : Create two account with two groups Step 2 : In account A, create group abc with this two users. Step 3 : Administrator in group abc promote account B to Moderator Step 4 : In...
WordPress: CSRF in Profile Fields allows deleting any field in BuddyPress
Description: CSRF in Profile Fields allows deleting any field in BuddyPress Version: Latest Steps To Reproduce: Step1: Using a form like so to create the CSRF: history.pushState'', '', '/' Change your domain and idfield Step 2: When admin click with step 1 was hidden in images,.... Step1 will all...
WordPress: Allow authenticated users can edit, trash,and add new in BuddyPress Emails function
Description: Allow author can edit, trash,and add new your posts in BuddyPress Emails function And editor can edit,trash, add new any posts in BuddyPress Emails default. Steps To Reproduce: Step 1 : Create two accounts: Admin and Author Step 2: Login with admin account. In admin account, give...
WordPress Buddypress Component Stats plugin <= 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion LFI vulnerability discovered by Random Robbie in WordPress Buddypress Component Stats plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...
WordPress BuddyPress Plugin < 5.1.2 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112705";...
Information Disclosure
buddypress is vulnerable to information disclosure. Requests to a some of the REST API endpoints can allow an unauthenticated remote attacker to obtain private user data...
BuddyPress Access Control Error Vulnerability
BuddyPress is a plugin suite that turns WordPress into a social networking site. An Access Control Error vulnerability exists in BuddyPress versions prior to 5.1.2. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles...
CVE-2020-5244
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
CVE-2020-5244
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
Authentication flaw
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
CVE-2020-5244
CVE-2020-5244 affects the WordPress BuddyPress plugin prior to version 5.1.2. The vulnerability allows an unauthenticated attacker to trigger requests to a REST API endpoint and disclose private user data. The root cause is an information-disclosure flaw in the exposed REST endpoint, enabling exp...
CVE-2020-5244 Private data exposure via REST API in BuddyPress
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
GHSA-3J78-7M59-R7GV Private data exposure via REST API in BuddyPress
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
Private data exposure via REST API in BuddyPress
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
BuddyPress 5.0.0 - 5.1.1 - Private Data Exposure via REST API
Certain REST API requests could result in the exposure of private data...
BuddyPress < 5.1.1 - Denial of Service
A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder...
WordPress buddypress-activity-plus plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress buddypress-activity-plus plugin. The...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...