5 matches found
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...
Design/Logic Flaw
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...
CVE-2021-21389
BuddyPress (WordPress plugin) prior to 7.2.1 is affected by a REST API privilege-escalation vulnerability that can lead to remote code execution. A non-privileged user could exploit the REST API members endpoint (v1/members/me) to gain administrator rights. Affected versions are 5.0.0 through 7.2...
AlstraSoft E-Friends - XSS
AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Effected files or areas of site: index.php The input forms on the following items belowdo not properlly filter out all potential harmfu...
Security update 1970-01-01
...