Description
WordPress Plugin BuddyPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions. WordPress Plugin BuddyPress version 2.3.4 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 2.3.5, 2.0.4, 2.1.2, 2.2.4, or the latest release.