WordPress Plugin Vulnerabilities
BuddyPress < 7.2.1 - Read Private Messages
Description
The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a member to read private messages in a thread they were not invited to, using the BuddyPress REST API buddypress/v1/messages endpoint.
Affects Plugins
References
Classification
Type
IDOR
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Kien
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-03-17 (about 3 years ago)
Added
2021-03-17 (about 3 years ago)
Last Updated
2021-03-19 (about 3 years ago)