CVSS: 4.3 • EPSS: % • CPEs: 1 • EXPL: 0

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the export_settings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to export plugin settings. • CWE-862: Missing Authorization •

CVSS: 5.4 • EPSS: % • CPEs: 1 • EXPL: 0

The Activity Reactions For Buddypress plugin for WordPress is vulnerable to missing authorization checks on the ai_front_smiley function in versions up to, and including, 1.0.22. This makes it possible for subscriber-level users to enable and disable reactions. • CWE-284: Improper Access Control •

CVSS: 9.0 • EPSS: 82% • CPEs: 1 • EXPL: 1

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. • https://github.com/HoangKien1020/CVE-2021-21389 https://buddypress.org/2021/03/buddypress-7-2-1-security-release https://codex.buddypress.org/releases/version-7-2-1 https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 • CWE-863: Incorrect Authorization •

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. • https://buddypress.org/2020/01/buddypress-5-1-2 https://github.com/buddypress/BuddyPress/commit/39294680369a0c992290577a9d740f4a2f2c2ca3 https://github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple relocated sections in an MSP430 binary. This is caused by mishandling an invalid symbol index, and mishandling state across invocations. • http://www.securityfocus.com/bid/97238 https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9 https://wordpress.org/plugins/buddypress-docs/changelog • CWE-269: Improper Privilege Management •