ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Buddypress Plugin 1.9.1 - Privilege Escalation

Product
BuddyPress
Description
Buddypress plugin is prone tu vulnerability that allows an attacker to take control of every group (change name, description, avatar and settings).
Solution
Upgrade the plugin.
Classification
Type BYPASS
References
Exploit-DB
CVE
Name CVE-2014-1889
Versions
Affected In <= 1.9.1
Fixed In 1.9.2
Disclosure date
2014-02-11
Credits
Pietro Oliva