The BuddyPress WordPress plugin released version 7.3.0, a maintenance & security release, which included fixes for various authenticated REST API authorisation vulnerabilities.

The 7.3.0 release addresses four security issues:

- A vulnerability was fixed that could allow a member to create a group on behalf of another member via a REST API endpoint.
- A vulnerability was fixed that could allow members to favorite any private/hidden activities they shouldn’t have access to via a REST API endpoint.
- A vulnerability was fixed that could allow the creator of a group to still be able to update or delete it after being demoted to a regular member of it via a REST API endpoint.
- A vulnerability was fixed that could allow a group’s banned members to remove themselves from the group and still be able to join it or request a membership to it via a REST API endpoint.

It is recommended that BuddyPress users update to at least version 7.3.0.
Kien Hoang
No
2021-04-14
2021-04-14
2021-04-18