Access violation vulnerability in BuddyPress 7.2.1

The BuddyPress plugin for WordPress is at risk of unauthorized access in versions up to and including 7.2.1. This is because the activity REST API endpoint does not properly validate authorization. As a result, someone with an account can ‘favorite’ private and hidden activity that they are not supposed to be able to see.

Detected in:

BuddyPress fixed vulnerable versions: >= * <= 7.2.1

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

">" means from 2.2.8
"=" means including 2.2.8 and 2.2.21
"<" means to 2.2.21
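
An added example (not code from wpvulnerability.com or BuddyPress) that parses the version-compare notation described above and checks an installed plugin version against it. It assumes that `*` means "no bound on that side" and that versions are plain dotted numbers; the installed versions in the loop are constructed.

```python
import re

# Comparison operators used in the version-compare notation.
OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}

def version_key(version):
    """Turn '7.2.1' into (7, 2, 1) so versions compare numerically, not as text."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version string: {version!r}")
    parts = [int(p) for p in version.split(".")]
    # Drop trailing zeros so that '7.2' and '7.2.0' compare equal.
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_range(expr):
    """Parse '>= 2.2.8 <= 2.2.21' into [(op, bound), ...]; bound is None for '*'."""
    tokens = re.findall(r"(>=|<=|>|<|=)\s*(\*|[0-9][0-9.]*)", expr)
    if not tokens:
        raise ValueError(f"no version constraints found in {expr!r}")
    # Assumption: '*' is a wildcard, so that constraint always matches.
    return [(op, None if bound == "*" else version_key(bound)) for op, bound in tokens]

def is_vulnerable(installed, expr):
    """True when the installed version satisfies every constraint in the range."""
    key = version_key(installed)
    return all(bound is None or OPS[op](key, bound) for op, bound in parse_range(expr))

if __name__ == "__main__":
    advisory_range = ">= * <= 7.2.1"  # range string from this advisory
    for installed in ("6.4.0", "7.2.1", "7.2.2", "7.3.0"):  # constructed inventory
        state = "VULNERABLE" if is_vulnerable(installed, advisory_range) else "not in range"
        print(f"BuddyPress {installed}: {state}")
```

Comparing versions as integer tuples matters here: a plain string comparison would place 2.2.10 below 2.2.8 and misjudge whether it falls inside a range.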
