bbPress unauthenticated privilege-escalation · CVE-2020-13693 · GitHub Advisory Database · GitHub

bbPress unauthenticated privilege-escalation

Critical severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Apr 25, 2024

Package

bbpress/bbpress (Composer)

Affected versions

< 2.6.5

Patched versions

2.6.5

Description

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

References

Published by the National Vulnerability Database

May 29, 2020

Published to the GitHub Advisory Database May 24, 2022

Reviewed Apr 25, 2024

Last updated Apr 25, 2024

Severity

Critical

9.8

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H