CVE-2017-6954 – BuddyPress Docs <= 1.9.2 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2017-6954
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. readelf en GNU Binutils 2.28 tiene un error de uso después de liberación de memoria (específicamente de lectura después de liberación de memoria) al procesar múltiples secciones reubicadas en un binario MSP430. Esto es provocado por no manejar correctamente un índice de símbolo no válido, y no manejar correctamente el estado a través de invocaciones. • http://www.securityfocus.com/bid/97238 https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9 https://wordpress.org/plugins/buddypress-docs/changelog • CWE-269: Improper Privilege Management •
CVE-2014-1888 – BuddyPress <= 1.9.1 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1888
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889. Vulnerabilidad de XSS en el plugin BuddyPress anterior a 1.9.2 para WordPress permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través del campo name hacia groups/create/step/group-details. NOTA: esto puede ser explotado sin autenticación mediante el aprovechamiento de CVE-2014-1889. Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. • http://buddypress.org/2014/02/buddypress-1-9-2 http://osvdb.org/103307 http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html http://secunia.com/advisories/56950 http://www.securityfocus.com/archive/1/531049/100/0/threaded http://www.securityfocus.com/bid/65555 https://exchange.xforce.ibmcloud.com/vulnerabilities/91175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-1889 – BuddyPress <= 1.9.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2014-1889
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. El proceso de creación de grupos en el plugin Buddypress, en versiones anteriores a la 1.9.2 para WordPress, permite que usuarios autenticados remotos obtengan el control de grupos arbitrarios aprovechando una falta de comprobación de permisos. The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. An attacker could exploit this vulnerability to modify the name, description, avatar and settings of groups. WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/31571 http://www.securityfocus.com/archive/1/531050/100/0/threaded http://www.securityfocus.com/bid/65554 https://buddypress.org/2014/02/buddypress-1-9-2 https://exchange.xforce.ibmcloud.com/vulnerabilities/91261 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVE-2012-2109 – BuddyPress - 1.5-1.5.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. Vulnerabilidad de inyección SQL en wp-load.php en el complemento BuddyPress v1.5.x antes de v1.5.5 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page en una acción activity_widget_filter • https://www.exploit-db.com/exploits/18690 http://buddypress.org/2012/03/buddypress-1-5-5 http://osvdb.org/80763 http://seclists.org/bugtraq/2012/Apr/4 http://www.exploit-db.com/exploits/18690 http://www.openwall.com/lists/oss-security/2012/04/15/2 http://www.openwall.com/lists/oss-security/2012/04/16/10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •