CVE-2021-21389
Summary
| CVE | CVE-2021-21389 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-26 21:15:00 UTC |
| Updated | 2021-04-01 15:45:00 UTC |
| Description | BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. |
Risk And Classification
Problem Types: CWE-863 (Incorrect Authorization)
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Buddypress | Buddypress | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Version 7.2.1 · BuddyPress Codex | MISC | codex.buddypress.org | |
| BuddyPress privilege escalation via REST API · Advisory · buddypress/BuddyPress · GitHub | CONFIRM | github.com | |
| BuddyPress 7.2.1 Security Release · BuddyPress.org | MISC | buddypress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.