What the vulnerability does
01Description
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
Explanation of Vulnerability in Simple Terms
BuddyPress versions up to 14.3.4 fail to properly check user permissions before allowing access to sensitive data. An attacker on the network can read confidential information without authentication. The vulnerability affects all installations running the affected versions. Update to version 14.4.0 or later to resolve this issue.
What an attacker can do
Read sensitive data from the site without logging in.
Potential impact on your site
Confidential user data or site information may be exposed to unauthenticated attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities