CVE-2025-31033 – WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability

https://notcve.org/view.php?id=CVE-2025-31033

09 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2. The Buddypress Humanity plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to elevate the privileges of an arbitrary user via a forged request granted they can... • https://packetstorm.news/files/id/190410 • CWE-352: Cross-Site Request Forgery (CSRF) •