Description
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify reviews and plugin settings on the website. WordPress Plugin Wbcom Designs-BuddyPress Group Reviews version 2.8.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.8.4 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108
https://plugins.svn.wordpress.org/review-buddypress-groups/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Business Hours Pro Arbitrary File Upload (5.5.0)
WordPress Plugin Easy Table Cross-Site Scripting (1.6)
WordPress Plugin YouTube Embed Cross-Site Scripting (5.2.1)
WordPress Plugin WP-Matomo (WP-Piwik) Cross-Site Scripting (1.0.4)
WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.8)