Lucene search
+L

654 matches found

Vulnerability Lab
Vulnerability Lab
added 2020/11/13 12:0 a.m.57 views

Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability

Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2263 Release Date: ============= 2020-11-13 Vulnerability Laboratory ID VL-ID: ===================================...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2020/04/02 3:9 p.m.25 views

WordPress: Improper Access Control in Buddypress core allows reply,delete any user's activity

Description: Improper Access Control in Buddypress core allows reply,delete any user's activity in other public group,which they don't join. Steps To Reproduce: Step 1: Create two account A, B with two public groups Step 2: In group A-account A, create a new activity idA Step 3: In group B-accoun...

1AI score
Exploits0
Hacker One
Hacker One
added 2020/04/02 10:44 a.m.21 views

WordPress: Privilege Escalation in BuddyPress core allows Moderate to Administrator

Description: BuddyPress core allows Moderate to Administrator in Manage Group Members module Steps To Reproduce: Step 1 : Create two account with two groups Step 2 : In account A, create group abc with this two users. Step 3 : Administrator in group abc promote account B to Moderator Step 4 : In...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2020/04/01 1:28 p.m.19 views

WordPress: CSRF in Profile Fields allows deleting any field in BuddyPress

Description: CSRF in Profile Fields allows deleting any field in BuddyPress Version: Latest Steps To Reproduce: Step1: Using a form like so to create the CSRF: history.pushState'', '', '/' Change your domain and idfield Step 2: When admin click with step 1 was hidden in images,.... Step1 will all...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2020/03/29 8:52 a.m.29 views

WordPress: Allow authenticated users can edit, trash,and add new in BuddyPress Emails function

Description: Allow author can edit, trash,and add new your posts in BuddyPress Emails function And editor can edit,trash, add new any posts in BuddyPress Emails default. Steps To Reproduce: Step 1 : Create two accounts: Admin and Author Step 2: Login with admin account. In admin account, give...

0.3AI score
Exploits0
Patchstack
Patchstack
added 2020/03/24 12:0 a.m.23 views

WordPress Buddypress Component Stats plugin <= 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Random Robbie in WordPress Buddypress Component Stats plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...

6.8CVSS2.7AI score0.39231EPSS
Exploits6References2Affected Software1
OpenVAS
OpenVAS
added 2020/02/28 12:0 a.m.47 views

WordPress BuddyPress Plugin < 5.1.2 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112705";...

8CVSS7.7AI score0.01944EPSS
Exploits0References3
Veracode
Veracode
added 2020/02/25 4:39 a.m.25 views

Information Disclosure

buddypress is vulnerable to information disclosure. Requests to a some of the REST API endpoints can allow an unauthenticated remote attacker to obtain private user data...

8CVSS3.9AI score0.01944EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/02/25 12:0 a.m.3 views

BuddyPress Access Control Error Vulnerability

BuddyPress is a plugin suite that turns WordPress into a social networking site. An Access Control Error vulnerability exists in BuddyPress versions prior to 5.1.2. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles...

8CVSS6.8AI score0.01944EPSS
Exploits0References1
NVD
NVD
added 2020/02/24 6:15 p.m.28 views

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

8CVSS7.8AI score0.01944EPSS
Exploits0References3
OSV
OSV
added 2020/02/24 6:15 p.m.13 views

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

7.5CVSS7.5AI score
Exploits0References3
Prion
Prion
added 2020/02/24 6:15 p.m.19 views

Authentication flaw

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

5CVSS7.5AI score0.01944EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/02/24 5:25 p.m.83 views

CVE-2020-5244

CVE-2020-5244 affects the WordPress BuddyPress plugin prior to version 5.1.2. The vulnerability allows an unauthenticated attacker to trigger requests to a REST API endpoint and disclose private user data. The root cause is an information-disclosure flaw in the exposed REST endpoint, enabling exp...

8CVSS7.5AI score0.01944EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/02/24 5:25 p.m.36 views

CVE-2020-5244 Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

8CVSS7.8AI score0.01944EPSS
Exploits0References3
OSV
OSV
added 2020/02/24 5:18 p.m.29 views

GHSA-3J78-7M59-R7GV Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

8CVSS7.5AI score0.01944EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/02/24 5:18 p.m.108 views

Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

8CVSS4.4AI score0.01944EPSS
Exploits0References5Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/03 12:0 a.m.9 views

BuddyPress 5.0.0 - 5.1.1 - Private Data Exposure via REST API

Certain REST API requests could result in the exposure of private data...

2.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/12/23 12:0 a.m.14 views

BuddyPress < 5.1.1 - Denial of Service

A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder...

3.6AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/11/20 12:0 a.m.6 views

WordPress buddypress-activity-plus plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress buddypress-activity-plus plugin. The...

8.1CVSS6.8AI score0.00715EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 3:15 p.m.18 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

8.1CVSS8.2AI score0.00715EPSS
Exploits0References2
Rows per page
Query Builder