- EPSS 13.88%
- Published 26.03.2021 21:15:13
- Last modified 21.11.2024 05:48:15
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members ...
CVE-2020-5244
- EPSS 1.94%
- Published 24.02.2020 18:15:22
- Last modified 21.11.2024 05:33:45
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CVE-2014-1889
- EPSS 10.82%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:05:13
The Group creation process in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
CVE-2017-6954
- EPSS 1.12%
- Published 17.03.2017 09:59:00
- Last modified 13.05.2026 00:24:29
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
CVE-2014-1888
- EPSS 2.59%
- Published 01.03.2014 00:01:09
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited...
CVE-2012-2109
- EPSS 3.46%
- Published 04.09.2012 20:55:02
- Last modified 16.06.2026 23:41:00
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.