CVE-2021-21389

Incorrect Authorization in packagist/buddypress/buddypress

Identifiers

CVE-2021-21389, GHSA-m6j4-8r7p-wpp3

Package Slug

packagist/buddypress/buddypress

Vulnerability

Incorrect Authorization

Description

BuddyPress is an open source WordPress plugin to build a community site. In vulnerable releases of BuddyPress, it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint.

Affected Versions

All versions starting from 5.0.0 before 7.2.1

Solution

Upgrade to version 7.2.1 or above.

Last Modified

2021-04-09
