CVE-2022-2108 Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it...

BuddyPress Group Reviews < 2.8.4 - Subscriber+ Arbitrary Settings Update & Review Modification

The plugin is missing capability and CSRF checks in various of its AJAX functions available to any authenticated users, which could allow users with a role as low as subscriber to update arbitrary settings and modify reviews...

WordPress BuddyPress Group Reviews plugin <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass

Unauthorized AJAX Actions due to Nonce Bypass discovered by Marco Wotschka / Wordfence in WordPress BuddyPress Group Reviews plugin versions = 2.8.3. Solution Update the WordPress BuddyPress Group Reviews plugin to the latest available version at least 2.8.4...

WordPress Wbcom Designs – BuddyPress Group Reviews plugin <= 2.8.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Group Reviews plugin versions = 2.8.0. Solution Update the WordPress Wbcom Designs – BuddyPress Group Reviews plugin to the latest available version at least...