CVE-2021-21389

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21389

Aliases

GHSA-m6j4-8r7p-wpp3

Published

2021-03-26T21:15:13Z

Modified

2024-05-29T22:12:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

References

Affected packages

Git / github.com/buddypress/buddypress

Affected ranges

Type: GIT
Repo: https://github.com/buddypress/buddypress
Events: Introduced

9a29774bb86d2befe8c29ff8d75c4b55fbbcb71f

Fixed

de194818216fd5a84a67a8430c354ae6803fe280