Vulnerabilities and security research for review-buddypress-groups
Jun 06, 2024
Wbcom Designs – BuddyPress Group Reviews # CVE-2022-2108
- CVE, Research URL
- Application
- Date: Jul 18, 2022
- Research Description: The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
- Affected versions: max 2.8.4.
- Status: vulnerable
Wbcom Designs – BuddyPress Group Reviews # dc16c7b0b542f8afa7dafd55e2f68f72e9f422be
- CVE, Research URL
- Application
- Date: Apr 11, 2022
- Research Description: Wbcom Designs – BuddyPress Group Reviews [review-buddypress-groups] < 2.8.1. WordPress Wbcom Designs – BuddyPress Group Reviews plugin <= 2.8.2 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability. Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary (JJ) Jay in WordPress Wbcom Designs – BuddyPress Group Reviews plugin (versions <= 2.8.2).
- Affected versions: max 2.8.1.
- Status: vulnerable
Jun 16, 2026
Wbcom Designs – BuddyPress Group Reviews # 7ea635ac1315df0a804f72ba5d819ddb225a9e99
- CVE, Research URL
- Application
- Date: May 25, 2022
- Research Description: Wbcom Designs – BuddyPress Group Reviews [review-buddypress-groups] < 2.8.2. Wbcom Designs – BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting. The Wbcom Designs – BuddyPress Group Reviews plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 2.8.2.
- Status: vulnerable
Wbcom Designs – BuddyPress Group Reviews # f5d05900-a3aa-4bf3-9647-b47b62fa7358
- CVE, Research URL
- Application
- Date: Apr 11, 2022
- Research Description: Wbcom Designs – BuddyPress Group Reviews [review-buddypress-groups] < 2.8.1. Wbcom Designs Plugins - Subscriber+ Arbitrary Plugin Installation, Activation and Deactivation. Multiple plugins from Wbcom Designs have an AJAX action without authorisation and CSRF checks, allowing any logged-in user to install, activate or deactivate a plugin on the site.
- Affected versions: max 2.8.1.
- Status: vulnerable
Wbcom Designs – BuddyPress Group Reviews # 38941ffe47ab697bbd9bd96f16432044f1f980d9
- CVE, Research URL
- Application
- Date: Apr 13, 2022
- Research Description: Wbcom Designs – BuddyPress Group Reviews [review-buddypress-groups] < 2.8.1. Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation. Several WordPress plugins by Wbcom Designs were vulnerable to arbitrary plugin installation, activation and deactivation due to missing authorization checks on the wp_ajax_wbcom_manage_plugin_installation AJAX action function wbcom_do_plugin_action.
- Affected versions: max 2.8.1.
- Status: vulnerable