WordPress Plugin Vulnerabilities

bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderator feature

Description

hoangkien1020 discovered an authenticated privilege escalation issue via the super moderator feature.

Affects Plugins

Plugin icon
bbpress
Fixed in 2.6.5

References

URL
https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/
URL
https://bbpress.trac.wordpress.org/changeset/7089

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.7 (high)

Miscellaneous

Original Researcher
hoangkien1020
Verified
No
WPVDB ID
2b39417e-7d74-476b-92b3-95d062a84f96

Timeline

Publicly Published
2020-05-28 (about 5 years ago)
Added
2020-05-29 (about 5 years ago)
Last Updated
2020-05-30 (about 5 years ago)

Other

Published
Title
Published
2024-03-29
Title
WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation
Published
2024-11-25
Title
AppPresser < 4.4.7 - Unauthenticated Privilege Escalation via Password Reset
Published
2024-08-02
Title
JetFormBuilder < 3.3.4.2 - Authenticated (Administrator+) Privilege Escalation
Published
2025-01-13
Title
Homey <= 2.4.1 - Authenticated (Subscriber+) Privilege Escalation
Published
2018-10-11
Title
WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation