Description
WordPress Plugin BuddyPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions. WordPress Plugin BuddyPress version 2.3.4 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.3.5, 2.0.4, 2.1.2, 2.2.4 or latest
References
Related Vulnerabilities
MySQL CVE-2021-35602 Vulnerability (CVE-2021-35602)
WordPress Plugin Simple Security Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
IBM WebSEAL Improper Certificate Validation Vulnerability (CVE-2019-4150)
Drupal Core 7.x Remote Code Execution (7.0 - 7.73)
WordPress Plugin DP Maintenance Mode Lite Cross-Site Scripting (1.3.2)