ThreatPress

WordPress Vulnerabilities Database

WordPress BuddyPress Activity Plus Plugin 1.5 - CSRF

Product
BuddyPress Activity Plus
Description
The BuddyPress Activity Plus plugin is prone to a cross-site request forgery (CSRF) vulnerability that allows an attacker to delete any file that the PHP process can delete.
Solution
Upgrade the plugin.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.5
Fixed In: 1.6
Disclosure date
2015-07-17
Credits
Tom Adams