WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

BuddyPress < 7.2.1 - Invite Member to Join Group

Description

The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a member to invite another member to join a group without being friends when that group restricted invites to friends only, using BuddyPress Nouveau and the BuddyPress REST API buddypress/v1/groups/invites endpoint.

Affects Plugins

buddypress
Fixed in version 7.2.1

References

URL
https://codex.buddypress.org/releases/version-7-2-1/
URL
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

Classification

Type

IDOR

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Kien

Verified

No

WPVDB ID
26be48e8-0fa8-4c5b-846e-af46e27822cb

Timeline

Publicly Published

2021-03-17 (about 2 years ago)

Added

2021-03-17 (about 2 years ago)

Last Updated

2021-03-19 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin