WordPress Plugin Vulnerabilities

BuddyPress 2.0-2.7.3 - Arbitrary File Deletion

Description

The BuddyPress WordPress plugin was affected by an Arbitrary File Deletion security vulnerability.

Affects Plugins

Plugin icon
buddypress
Fixed in 2.7.4

References

URL
https://wptavern.com/buddypress-2-7-4-patches-security-vulnerability-that-could-allow-arbitrary-file-deletion
URL
https://buddypress.org/2016/12/buddypress-2-7-4-security-release/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher
Sam Pizzey
Verified
No
WPVDB ID
797fc2f3-64f8-4e94-be5e-d5a12d859609

Timeline

Publicly Published
2016-12-23 (about 7 years ago)
Added
2017-01-03 (about 7 years ago)
Last Updated
2021-03-17 (about 3 years ago)

Other

Published
Title
Published
2015-03-21
Title
WP Marketplace <= 2.4.0 - Arbitrary File Download
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8.1 - Potential Authentication Cookie Forgery
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Missing Settings Authorization
Published
2021-08-24
Title
Booster for WooCommerce < 5.4.4 - Authentication Bypass
Published
2014-08-01
Title
Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass