cleantalk
Vulnerabilities and Security Researches

Wbcom Designs – BuddyPress Group Reviews, CVE-2022-2108

CVE, Research URL

CVE-2022-2108

Home page URL

Security reports for Wbcom Designs – BuddyPress Group Reviews

Application

Wbcom Designs – BuddyPress Group Reviews

Published on
Jul 18, 2022
Research Description
The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
Affected versions
max 2.8.4.
Status
vulnerable
Previous vulnerability researches
Wbcom Designs – BuddyPress Group Reviews (CVE-2022-2108) , Jun 06, 2024
Wbcom Designs – BuddyPress Group Reviews (dc16c7b0b542f8afa7dafd55e2f68f72e9f422be) , Jun 06, 2024
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025