Description
WordPress Plugin BuddyPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently remove another user's avatar and also any empty folder. WordPress Plugin BuddyPress version 5.1.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.1 or latest
References
Related Vulnerabilities
LimeSurvey Other Vulnerability (CVE-2014-5018)
WordPress Plugin Affiliate PRO Cross-Site Scripting (1.3.1)
WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6727)
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)