PT-2021-14468 · Unknown · Buddypress

Kien Hoang

·

Published

2021-03-26

·

Updated

2021-10-06

·

CVE-2021-21389

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions BuddyPress versions 5.0.0 through 7.2.0
Description A non-privileged, regular user can obtain administrator rights by exploiting an issue in the REST API members endpoint.
Recommendations For BuddyPress versions 5.0.0 through 7.2.0, update to version 7.2.1 to mitigate the issue.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-21389
GHSA-M6J4-8R7P-WPP3

Affected Products

Buddypress