WordPress BuddyPress Activity Plus Plugin 1.5 - CSRF
- BuddyPress Activity Plus
- BuddyPress Activity Plus plugin is prone to a cross-site request forgery that allows an attacker to delete any file which PHP process can delete.
- Upgrade the plugin.
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
- Name CVE-N/A
Fixed In 1.6
- Disclosure date
- Tom Adams