CVE-2022-45075 – Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization

https://notcve.org/view.php?id=CVE-2022-45075

The Activity Reactions For Buddypress plugin for WordPress is vulnerable to missing authorization checks in versions up to, and including, 1.0.22 on the ai_front_smiley function. This makes it possible for subscriber-level to enable and disable reactions. • CWE-284: Improper Access Control •