ThreatPress

WordPress Vulnerability Database

WordPress BuddyPress plugin <= 6.3.0 - Excessive user capabilities in possible rich text fields vulnerability

Product
BuddyPress
Description
The WordPress BuddyPress plugin (versions <= 6.3.0) is affected by an excessive user capabilities vulnerability in possible rich text fields.
Solution
Update the WordPress BuddyPress plugin to the latest available version (at least 6.4.0 - Maintenance and Security Release).
Classification
Type: Unknown
OWASP Top 10: A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 6.3.0
Fixed In: 6.4.0
Disclosure date
2020-11-29
Credits
BuddyPress