CVE-2020-13487

Name of the Vulnerable Software and Affected Versions bbPress plugin versions through 2.6.4

Description The issue concerns stored XSS in the Forum creation section of the bbPress plugin, allowing JavaScript execution at the "wp-admin/edit.php?post type=forum" API endpoint, which is the Forum listing page, for all users. An administrator can exploit this at the "wp-admin/post.php?action=edit" URI.

Recommendations For bbPress plugin versions through 2.6.4, update to a version later than 2.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the Forum creation section and the Forum listing page to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.