Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:D196D099-E9CA-4E57-904B-A46AF65F7445
HistoryJun 16, 2022 - 12:00 a.m.

BuddyPress Group Reviews < 2.8.4 - Subscriber+ Arbitrary Settings Update & Review Modification

2022-06-1600:00:00
wpscan.com
14
buddypress
group reviews
plugin
missing capability
csrf checks
ajax functions
authenticated users
arbitrary settings
modify reviews

EPSS

0.001

Percentile

40.4%

JSON

The plugin is missing capability and CSRF checks in various of its AJAX functions available to any authenticated users, which could allow users with a role as low as subscriber to update arbitrary settings and modify reviews

Related

nvd 1
cvelist 1
cve 1
prion 1
patchstack 1
nvd
nvd
CVE-2022-2108
2022-07-18 17:15:08
cvelist
cvelist
CVE-2022-2108
2022-07-18 16:12:54
cve
cve
CVE-2022-2108
2022-07-18 17:15:08
prion
prion
Design/Logic Flaw
2022-07-18 17:15:00
patchstack
patchstack
WordPress BuddyPress Group Reviews plugin <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
2022-06-16 00:00:00

EPSS

0.001

Percentile

40.4%

JSON
Related for WPVDB-ID:D196D099-E9CA-4E57-904B-A46AF65F7445
nvd1cvelist1cve1prion1patchstack1