cleantalk
Vulnerabilities and Security Researches

Wbcom Designs – BuddyPress Group Reviews, 38941ffe47ab697bbd9bd96f16432044f1f980d9

CVE, Research URL

38941ffe47ab697bbd9bd96f16432044f1f980d9

Home page URL

Security reports for Wbcom Designs – BuddyPress Group Reviews

Application

Wbcom Designs – BuddyPress Group Reviews

Published on
Apr 13, 2022
Research Description
Wbcom Designs &#8211; BuddyPress Group Reviews [review-buddypress-groups] < 2.8.1 Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation Several WordPress plugins by Wbcom Designs were vulnerable to arbitrary plugin installation, activation and deactivation due to missing authorization checks on the wp_ajax_wbcom_manage_plugin_installation AJAX action function wbcom_do_plugin_action.
Affected versions
max 2.8.1.
Status
vulnerable
Previous vulnerability researches
WP-Appbox (CVE-2025-1489) , Feb 24, 2025
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (CVE-2024-12710) , Dec 25, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026