WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

BuddyPress < 7.2.1 - Manage BuddyPress Member Types

Description

The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a user that has just been demoted from an Administrator role to a Subscriber to add/edit/delete BuddyPress Member Types from the Administration screens introduced in the 7.0.0 release.

Affects Plugins

buddypress
Fixed in version 7.2.1

References

URL
https://codex.buddypress.org/releases/version-7-2-1/
URL
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

Classification

Type

IDOR

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Kien

Verified

No

WPVDB ID
36f64ef2-7a50-4446-b3ee-17cda6e29eb4

Timeline

Publicly Published

2021-03-17 (about 2 years ago)

Added

2021-03-17 (about 2 years ago)

Last Updated

2021-03-19 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin