Vulnerabilities and security researches forreview-buddypress-groups review-buddypress-groups

Jun 06, 2024

CVE, Research URL: CVE-2022-2108
Home page URL: Security reports for Wbcom Designs – BuddyPress Group Reviews
Application: Wbcom Designs – BuddyPress Group Reviews
Date: Jul 18, 2022
Research Description: The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
Affected versions: max 2.8.4.
Status: vulnerable

CVE, Research URL: dc16c7b0b542f8afa7dafd55e2f68f72e9f422be
Home page URL: Security reports for Wbcom Designs – BuddyPress Group Reviews
Application: Wbcom Designs – BuddyPress Group Reviews
Date: Apr 11, 2022
Research Description: Wbcom Designs – BuddyPress Group Reviews [review-buddypress-groups] <= 2.8.2 (unfixed) WordPress Wbcom Designs – BuddyPress Group Reviews plugin <= 2.8.2 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary (JJ) Jay in WordPress Wbcom Designs – BuddyPress Group Reviews plugin (versions <= 2.8.2).
Affected versions: max 2.8.2.
Status: vulnerable