Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for buddypress_group_reviews by wbcomdesigns

    CVE-2022-2108 (GCVE-0-2022-2108)

    Vulnerability from nvd – Published: 2022-07-18 16:12 – Updated: 2026-04-08 16:46
    VLAI
    Title
    Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
    Summary
    The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Marco Wotschka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2742109"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:15:17.210471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:20:27.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wbcom Designs \u2013 BuddyPress Group Reviews",
              "vendor": "wbcomdesigns",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Wotschka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The plugin Wbcom Designs \u2013 BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:46:44.679Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2742109"
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-05-27T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2022-06-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Wbcom Designs \u2013 BuddyPress Group Reviews \u003c= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-2108",
        "datePublished": "2022-07-18T16:12:54.000Z",
        "dateReserved": "2022-06-16T00:00:00.000Z",
        "dateUpdated": "2026-04-08T16:46:44.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-2108 (GCVE-0-2022-2108)

    Vulnerability from cvelistv5 – Published: 2022-07-18 16:12 – Updated: 2026-04-08 16:46
    VLAI
    Title
    Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
    Summary
    The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Marco Wotschka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2742109"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:15:17.210471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:20:27.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wbcom Designs \u2013 BuddyPress Group Reviews",
              "vendor": "wbcomdesigns",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Wotschka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The plugin Wbcom Designs \u2013 BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:46:44.679Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2742109"
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-05-27T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2022-06-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Wbcom Designs \u2013 BuddyPress Group Reviews \u003c= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-2108",
        "datePublished": "2022-07-18T16:12:54.000Z",
        "dateReserved": "2022-06-16T00:00:00.000Z",
        "dateUpdated": "2026-04-08T16:46:44.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }