What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
BuddyPress Humanity versions 1.2 and earlier contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site users without their knowledge. An attacker can craft a malicious link or page that, when visited by a logged-in user, executes unwanted operations. No user interaction beyond visiting a page is required, and the vulnerability affects all users regardless of their role.
What an attacker can do
Perform unauthorized actions on the site on behalf of any logged-in user without their consent.
Potential impact on your site
Users' accounts can be compromised to perform actions like changing settings, deleting content, or modifying user data without their knowledge.
Conditions required to exploit
Victim must be logged into the site and visit an attacker-controlled page or click a malicious link.