WordPress Plugin Vulnerabilities

BuddyPress Activity Plus < 1.6.2 - Cross-Site Request Forgery (CSRF)

Description

The BuddyPress Activity Plus WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
buddypress-activity-plus
Fixed in 1.6.2

References

CVE
CVE-2015-9455
URL
https://packetstormsecurity.com/files/#132702/
URL
https://advisories.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.1 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
53a1e457-29bf-4cbc-9f8e-27860d530b42

Timeline

Publicly Published
2015-07-14 (about 10 years ago)
Added
2015-07-15 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-11-08
Title
Product Catalog Simple < 1.7.6 - Cross-Site Request Forgery via ic_system_status
Published
2022-10-25
Title
SEO Redirection Plugin < 9.1 - Multiple CSRF
Published
2024-05-09
Title
Church Admin < 4.2.0 - Cross-Site Request Forgery
Published
2025-02-24
Title
Woocommerce – Loi Hamon <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-07-03
Title
Login/Signup Popup < 2.4 - Settings Reset via CSRF