cleantalk
Vulnerabilities and Security Researches

Wbcom Designs – BuddyPress Group Reviews, f5d05900-a3aa-4bf3-9647-b47b62fa7358

CVE, Research URL

f5d05900-a3aa-4bf3-9647-b47b62fa7358

Home page URL

Security reports for Wbcom Designs – BuddyPress Group Reviews

Application

Wbcom Designs – BuddyPress Group Reviews

Published on
Apr 11, 2022
Research Description
Wbcom Designs &#8211; BuddyPress Group Reviews [review-buddypress-groups] < 2.8.1 Wbcom Designs Plugins - Subscriber+ Arbitrary Plugin Installation, Activation and Deactivation Multiple Plugins from Wbcom Designs have an AJAX action without authorisation and CSRF checks, allowing any logged in user to install, activate or deactivate a plugin on the site.
Affected versions
max 2.8.1.
Status
vulnerable
Previous vulnerability researches
WP-Appbox (CVE-2025-1489) , Feb 24, 2025
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (CVE-2024-12710) , Dec 25, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026