Lucene search

5 matches found

OSV
added 2021/03/26 9:15 p.m., 28 views

CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS: 8.8, AI score: 6.4
Exploits: 0, References: 3
Prion
added 2021/03/26 9:15 p.m., 20 views

Design/Logic Flaw

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS: 9, AI score: 8.5, EPSS: 0.13882
Exploits: 2, References: 3, Affected Software: 1
CVE
added 2021/03/26 8:15 p.m., 178 views

CVE-2021-21389

BuddyPress (WordPress plugin) prior to 7.2.1 is affected by a REST API privilege-escalation vulnerability that can lead to remote code execution. A non-privileged user could exploit the REST API members endpoint (v1/members/me) to gain administrator rights. Affected versions are 5.0.0 through 7.2...

CVSS: 9, AI score: 8.2, EPSS: 0.13882
In wild, Exploits: 2, References: 3, Affected Software: 1
securityvulns
added 2006/05/25 12:0 a.m., 35 views

AlstraSoft E-Friends - XSS

AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Affected files or areas of site: index.php The input forms on the following items below do not properly filter out all potential harmfu...

AI score: 1.2
Exploits: 0
Microsoft KB
added 1970/01/01 12:0 a.m., 28 views

Security update 1970-01-01

...

AI score: 5.3
Exploits: 0