What the vulnerability does
Description
Missing Authorization vulnerability in Pascal Casier bbPress API bbp-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through <= 1.0.14.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
The bbPress API in versions up to 1.0.14 does not properly check user permissions before allowing access to certain API endpoints. An attacker without authentication can read sensitive information exposed through these endpoints. The vulnerability affects the confidentiality of data but does not allow modification or denial of service.
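The missing permission check described above, shown as a pair of WordPress REST routes: one that skips authorization and one that enforces it. This is an added example, not code from the bbPress API plugin. The `example-forum/v1` namespace, both routes and the `example_*` functions are hypothetical, and it assumes the endpoints are registered through the WordPress REST API on a site with bbPress active.

```php
<?php
// Added illustration. Namespace, routes and example_* functions are
// hypothetical and are not taken from the bbp-api source.
add_action( 'rest_api_init', function () {

	// Weak: '__return_true' makes the route public, so an unauthenticated
	// request reaches the callback and receives whatever it returns.
	register_rest_route( 'example-forum/v1', '/weak/topics/(?P<id>\d+)', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_topic',
		'permission_callback' => '__return_true',
	) );

	// Hardened: WordPress runs the permission callback first and only
	// dispatches to 'callback' when it returns true.
	register_rest_route( 'example-forum/v1', '/topics/(?P<id>\d+)', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_topic',
		'permission_callback' => 'example_can_read_topic',
	) );
} );

function example_can_read_topic( WP_REST_Request $request ) {
	$forum_id = bbp_get_topic_forum_id( (int) $request['id'] );
	// bbp_user_can_view_forum() is bbPress's own visibility check: public
	// forums pass for everyone, private and hidden forums require the
	// matching capability on the current user.
	if ( $forum_id && bbp_user_can_view_forum( array( 'forum_id' => $forum_id ) ) ) {
		return true;
	}
	// 401 for anonymous visitors, 403 for logged-in users without access.
	return new WP_Error( 'rest_forbidden', 'Sorry, you cannot view this topic.',
		array( 'status' => rest_authorization_required_code() ) );
}

function example_get_topic( WP_REST_Request $request ) {
	$topic = get_post( (int) $request['id'] );
	if ( ! $topic || bbp_get_topic_post_type() !== $topic->post_type ) {
		return new WP_Error( 'rest_not_found', 'Topic not found.', array( 'status' => 404 ) );
	}
	// Return an explicit allow-list of fields, never the raw post object.
	return rest_ensure_response( array(
		'id'    => $topic->ID,
		'title' => get_the_title( $topic ),
	) );
}
```

The hardened route covers forum visibility only; a real endpoint would also need to decide how to treat topics in non-public statuses such as pending or spam.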
What an attacker can do
Read sensitive data from unprotected API endpoints without authentication.
Potential impact on your site
Sensitive information may be exposed to unauthenticated users via API endpoints.
Conditions required to exploit
Network access to the affected bbPress API; no authentication or user interaction required.