PT-2022-14861 · Wbcom Designs · Buddypress Group Reviews
Marco Wotschka · Published 2022-07-18 · Updated 2023-10-24
CVE-2022-2108
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Wbcom Designs – BuddyPress Group Reviews for WordPress versions up to, and including, 2.8.3
Description
The issue allows unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
Recommendations
For versions up to, and including, 2.8.3, update to a version that includes proper capability checks and nonce checks to prevent unauthorized modifications.
As a temporary workaround, consider restricting access to the functions related to settings changes and review modification until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Buddypress Group Reviews