CVE-2021-21389, GHSA-m6j4-8r7p-wpp3
packagist/buddypress/buddypress
Incorrect Authorization
BuddyPress is an open source WordPress plugin for building a community site. In vulnerable releases of BuddyPress, a non-privileged, regular user can obtain administrator rights by exploiting an issue in the REST API members endpoint.
All versions starting from 5.0.0 and before 7.2.1
Upgrade to version 7.2.1 or above.
2021-04-09