Vulnerability Description
The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wbcomdesigns | Buddypress Group Reviews | < 2.8.4 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includProduct
- https://plugins.trac.wordpress.org/changeset/2742109Patch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e2Third Party Advisory
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108Third Party Advisory
- https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includProduct
- https://plugins.trac.wordpress.org/changeset/2742109Patch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e2Third Party Advisory
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108Third Party Advisory
FAQ
What is CVE-2022-2108?
CVE-2022-2108 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in s...
How severe is CVE-2022-2108?
CVE-2022-2108 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2108?
Check the references section above for vendor advisories and patch information. Affected products include: Wbcomdesigns Buddypress Group Reviews.