bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled



Description
Raphael Karger discovered an unauthenticated privilege escalation issue when new user registration is enabled.

Affects Plugin

fixed in version 2.6.5

References

CVE 2020-13693
ExploitDB 48534
URL https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Raphael Karger
Views 2039
Verified No
WPVDB ID 10242

Timeline

Publicly Published 2020-05-28 (about 1 month ago)
Added 2020-05-29 (about 1 month ago)
Last Updated 2020-06-02 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin