WordPress Plugin Vulnerabilities

bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled

Description

Raphael Karger discovered an unauthenticated privilege escalation issue when new user registration is enabled.

Affects Plugins

Plugin icon
bbpress
Fixed in 2.6.5

References

CVE
CVE-2020-13693
Exploitdb
48534
URL
https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
Raphael Karger
Verified
No
WPVDB ID
1a075d62-b5d2-4b58-a74f-73a0166aee12

Timeline

Publicly Published
2020-05-28 (about 5 years ago)
Added
2020-05-29 (about 5 years ago)
Last Updated
2026-05-11 (about 1 day ago)

Other

Published
Title
Published
2019-01-25
Title
Health Check & Troubleshooting <= 1.2.3 - Authenticated Lack of Authorisation
Published
2025-04-18
Title
UrbanGo Membership < 1.1 - Unauthenticated Privilege Escalation
Published
2025-11-26
Title
FindAll Listing < 1.1 - Unauthenticated Privilege Escalation
Published
2025-09-20
Title
Simple User Registration <= 6.4 - Authenticated (Contributor+) Privilege Escalation
Published
2020-01-24
Title
wpCentral < 1.4.8 - Privilege Escalation