Vulnerabilities > CVE-2021-21389 - Unspecified vulnerability in Buddypress
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
Vulnerable Configurations
References
- https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
- https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
- https://codex.buddypress.org/releases/version-7-2-1/
- https://codex.buddypress.org/releases/version-7-2-1/
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3