bbPress < 2.6.12 – Cross-Site Request Forgery to Limited Privilege Escalation | CVE 2025-1435 | Plugin Vulnerabilities

Description

The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of a bbPress Keymaster via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Rather than implementing a nonce check to provide protection against this vulnerability, which would break functionality, the plugin no longer makes it possible to select a role during registration.

Affects Plugins

Fixed in 2.6.12

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/2d776d94-8c81-4e88-bae3-946824a75c09

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Brian Mungai

Verified

No

WPVDB ID

ed6d373d-953b-4b92-ab48-68c30a66a0cd

Timeline

Publicly Published

2025-03-04 (about 1 year ago)

Added

2025-03-04 (about 1 year ago)

Last Updated

2025-03-05 (about 1 year ago)

Other

Published

Title

Published

2024-07-22

Title

ListingPro < 2.9.5 - Cross-Site Request Forgery to Account Takeover

Published

2024-12-16

Title

SMS for WooCommerce < 2.8.1.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

Published

2024-12-12

Title

Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2026-04-21

Title

mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function

Published

2024-11-28

Title

FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting