Back
WordPress BuddyPress plugin <= 6.3.0 - Excessive user capabilities in possible rich text fields vulnerability
- Product
- BuddyPress
- Description
- Excessive user capabilities in possible rich text fields vulnerability found in WordPress BuddyPress plugin (versions <= 6.3.0).
- Solution
- Update the WordPress BuddyPress plugin to the latest available version (at least 6.4.0 - Maintenance and Security Release).
- Classification
-
Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
- References
-
Plugin changelog
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 6.3.0
Fixed In 6.4.0
- Disclosure date
- 2020-11-29
- Credits
- BuddyPress