4 matches found
CVE-2024-11913
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...
CVE-2024-11913
CVE-2024-11913 affects the WordPress plugin Activity Plus Reloaded for BuddyPress, with Blind SSRF via ajax_preview_link in all versions up to 1.1.1. Reported by Wordfence; authenticated attackers with Subscriber+ can induce web requests from the app to internal or arbitrary locations, potentiall...
CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...
CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...