CVE-2021-21389

Published: 26/03/2021 Updated: 01/04/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 prior to 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
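Two checks a practitioner would want for this advisory, as an added example that is not BuddyPress, Vulmon or any PoC author's code: a version-range test against the affected range stated above (5.0.0 inclusive to 7.2.1 exclusive), read from the `Version:` header of the plugin's main file, and a scan of web-server access-log lines for write requests (POST, PUT, PATCH) to the BuddyPress REST members "me" endpoint. Assumptions not taken from this page: the full route is `/buddypress/v1/members/me` under WordPress' default `/wp-json/` REST prefix (or the `?rest_route=` fallback), the log is in Combined Log Format, pre-release builds of a fixed version (e.g. `7.2.1-beta1`) are treated as still vulnerable, and the sample header and log lines below are constructed.

```python
"""CVE-2021-21389 helper checks (added example, not BuddyPress/Vulmon code)."""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# Affected range from the advisory: 5.0.0 <= version < 7.2.1.
# Tuple layout is (major, minor, patch, is_final_release); a pre-release
# gets is_final_release=0 so "7.2.1-beta1" sorts below "7.2.1" and is
# still flagged (assumption: conservative handling of pre-releases).
AFFECTED_MIN = (5, 0, 0, 0)
FIXED_IN = (7, 2, 1, 1)

VERSION_RE = re.compile(
    r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*(-?[A-Za-z].*)?$"
)


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """'7.2.0' -> (7, 2, 0, 1); '7.2' -> (7, 2, 0, 1); '7.2.1-rc1' -> (7, 2, 1, 0)."""
    m = VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch = (int(x) if x else 0 for x in m.group(1, 2, 3))
    is_final = 0 if m.group(4) else 1
    return (major, minor, patch, is_final)


def is_vulnerable_version(v: str) -> bool:
    """True when v falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(v) < FIXED_IN


# WordPress reads plugin metadata from a comment header like this one in the
# plugin's main file (for BuddyPress: bp-loader.php). Constructed sample.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: BuddyPress
 * Plugin URI:  https://buddypress.org/
 * Description: BuddyPress adds community features to WordPress.
 * Version:     7.2.0
 * License:     GPLv2 or later
 */
"""

HEADER_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M)


def version_from_plugin_header(text: str) -> str:
    """Extract the 'Version:' value from a WordPress plugin header block."""
    m = HEADER_VERSION_RE.search(text)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


# --- access-log scan -------------------------------------------------------

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WRITE_METHODS = {"POST", "PUT", "PATCH"}
# Assumption: BuddyPress' REST namespace is buddypress/v1 and the self
# endpoint is members/me (the endpoint named in the PoC on this page).
MEMBERS_ME_ROUTE = re.compile(r"^/buddypress/v1/members/me/?$")


def rest_route(path: str) -> str:
    """Return the REST route for a request path, or '' if it is not a REST call.

    Handles both the pretty-permalink form (/wp-json/<route>) and the
    ?rest_route=/<route> fallback WordPress accepts when permalinks are off.
    """
    parts = urlsplit(path)
    if parts.path.startswith("/wp-json/"):
        return parts.path[len("/wp-json"):]
    return parse_qs(parts.query).get("rest_route", [""])[0]


def find_suspicious_members_me_writes(lines: List[str]) -> List[Tuple[str, str, str, int]]:
    """Return (ip, method, path, status) for write requests to members/me.

    A legitimate profile edit also writes to this endpoint, so a hit is a lead
    to correlate with role changes in the users table, not proof of exploitation.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method in WRITE_METHODS and MEMBERS_ME_ROUTE.match(rest_route(path)):
            hits.append((ip, method, path, int(status)))
    return hits


# Constructed sample log lines (not real traffic).
LOG_LINES = [
    '203.0.113.5 - - [26/Mar/2021:10:01:02 +0000] "GET /wp-json/buddypress/v1/members/me HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.5 - - [26/Mar/2021:10:01:09 +0000] "PUT /wp-json/buddypress/v1/members/me HTTP/1.1" 200 734 "-" "curl/7.68.0"',
    '198.51.100.7 - - [26/Mar/2021:10:02:30 +0000] "POST /?rest_route=/buddypress/v1/members/me HTTP/1.1" 200 734 "-" "python-requests/2.25.1"',
    '192.0.2.9 - - [26/Mar/2021:10:03:00 +0000] "POST /wp-json/buddypress/v1/members/12 HTTP/1.1" 403 90 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [26/Mar/2021:10:03:05 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    v = version_from_plugin_header(SAMPLE_PLUGIN_HEADER)
    print(f"BuddyPress {v}: {'VULNERABLE' if is_vulnerable_version(v) else 'not affected'}")
    for hit in find_suspicious_members_me_writes(LOG_LINES):
        print("write to members/me:", hit)
```

Run it against the real `bp-loader.php` and access log by replacing the constructed samples; only the two write requests (the PUT and the `rest_route` POST) are reported, while the GET and the write to another member's record are not.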

Vulnerable Products

buddypress buddypress

Github Repositories

Privilege Escalation via REST API Leading to Docker Container Escape Lab Writeup (time required: 30 to 60 mins). A lab by Warren Atkinson. A WordPress website with outdated vulnerable plugins leading to authentication bypass and RCE, then web host machine takeover leading to container breakout to the host. Subjects covered: API manipulation; creating a user account with auth bypas

CVE-2021-21389 BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE PoC (Full). Affected versions: 5.0.0 to 7.2.0. User requirement: Subscriber user. Method: Privilege Escalation to Administrator and trigger RCE via REST API. Endpoint: /v1/members/me. How to use (Docker): git clone https://github.com/HoangKien1020/CVE-2021-21389; cd CVE-2021-21389/; docker build -