BuddyPress privilege escalation via REST API

High
ehti published GHSA-m6j4-8r7p-wpp3 Mar 19, 2021

Package

No package listed

Affected versions

5.0.0 to 7.2.0

Patched versions

7.2.1

Description

Impact

A non-privileged, regular user can obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint.

Patches

The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
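The practical first question for anyone running BuddyPress is whether the installed version falls inside the affected range (5.0.0 to 7.2.0 inclusive; fixed in 7.2.1). The following is an added example, not BuddyPress or GitHub code, that compares a version string numerically against that range in plain POSIX sh; it assumes major.minor.patch version strings and strips any pre-release suffix (e.g. "-beta1") before comparing. The WP-CLI invocations named in the comments are assumed as the usual way to read the version and the administrator list on a live host; the version list at the bottom is constructed sample input.

```shell
#!/bin/sh
# Added example (not BuddyPress project code): is an installed BuddyPress version
# inside the range affected by GHSA-m6j4-8r7p-wpp3 / CVE-2021-21389?
# Affected: 5.0.0 .. 7.2.0 (inclusive). Patched: 7.2.1.
# Assumption: versions look like "7.2.0"; anything after the numeric part is ignored.

# vercmp A B: print -1, 0 or 1 for A < B, A == B, A > B.
# Compares major, minor and patch as integers, so "7.10.0" sorts above "7.2.1"
# (a plain string comparison would get this wrong).
vercmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | sed 's/[^0-9.].*//' | cut -d. -f"$i")
        y=$(printf '%s' "$2" | sed 's/[^0-9.].*//' | cut -d. -f"$i")
        x=${x:-0}   # missing component ("7.2") counts as 0
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1;  return; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# bp_affected VERSION: exit 0 (true) when VERSION is within 5.0.0..7.2.0.
bp_affected() {
    if [ "$(vercmp "$1" 5.0.0)" -ge 0 ] && [ "$(vercmp "$1" 7.2.0)" -le 0 ]; then
        return 0
    fi
    return 1
}

# report VERSION: one human-readable line per checked version.
report() {
    if bp_affected "$1"; then
        printf 'BuddyPress %s: AFFECTED by CVE-2021-21389, update to 7.2.1\n' "$1"
    else
        printf 'BuddyPress %s: not in the affected range\n' "$1"
    fi
}

# Constructed sample input. On a real WordPress host you would instead run
#   report "$(wp plugin get buddypress --field=version)"   # assumed WP-CLI usage
for v in 4.4.0 5.0.0 6.0.0-beta1 7.2.0 7.2.1 7.10.0; do
    report "$v"
done
```

Because the escalation grants administrator rights, patching alone does not undo an account that was already promoted. After updating, review the administrator list (for example with `wp user list --role=administrator --fields=ID,user_login,user_registered`, again an assumed WP-CLI invocation) and demote or remove any account that should not hold that role.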

References

https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2021-21389

Weaknesses

No CWEs