Vigil@nce - WordPress Buddypress: privilege escalation
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use groups of WordPress Buddypress, in order to
escalate his privileges.
Impacted products: WordPress Plugins
Severity: 2/4
Creation date: 13/02/2014
DESCRIPTION OF THE VULNERABILITY
The Buddypress plugin can be installed on WordPress.
However, creating groups does not require any privilege.
An attacker can therefore use groups of WordPress Buddypress, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Buddypress-privilege-escalation-14255