CVE-2021-21389: Incorrect Authorization

March 26, 2021 (updated April 1, 2021)

BuddyPress is an open source WordPress plugin to build a community site. In vulnerable releases of BuddyPress, it’s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint

References

buddypress.org/2021/03/buddypress-7-2-1-security-release/
codex.buddypress.org/releases/version-7-2-1/
nvd.nist.gov/vuln/detail/CVE-2021-21389

Code Behaviors & Features

Detect and mitigate CVE-2021-21389 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →