WordPress BuddyPress RCE | CVE-2021-21389 PoC



#WordPress #CVE-2021-21389
#BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it’s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint.

BuddyPress 5.0.0 to 7.2.0 – REST API Privilege Escalation to RCE
Exploitation requirements
User requirement: Subscriber-level user
Method:
Privilege escalation to Administrator, then RCE, via the REST API
Vulnerable endpoint:
/v1/members/me
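As an added defender-side example (not code from the PoC repository linked below), the following Python checks whether an installed BuddyPress version falls inside the affected range stated above and flags write requests to the members/me endpoint in a handful of constructed access-log lines. It assumes the route is served under the /wp-json/buddypress/v1 prefix or through the rest_route query parameter, which the description does not spell out; the sample log lines are constructed, not real traffic.

```python
import re
from typing import List, Tuple

# Affected range taken from the description: 5.0.0 up to, but not including, 7.2.1.
VULN_MIN = (5, 0, 0)
FIXED_IN = (7, 2, 1)

_VERSION = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '7.2', '7.2.0' or '7.2.1-beta' into a comparable (major, minor, patch) tuple."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(p) if p else 0 for p in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(text: str) -> bool:
    """True if this BuddyPress release is inside the affected range."""
    return VULN_MIN <= parse_version(text) < FIXED_IN


# Assumption: the route is exposed as /wp-json/buddypress/v1/members/me or via ?rest_route=.
_MEMBERS_ME = re.compile(r"(?:/wp-json|rest_route=)/buddypress/v1/members/me(?:[/?&]|$)")
_WRITE_METHODS = {"POST", "PUT", "PATCH"}
# Common/combined access-log layout: client ident user [time] "METHOD path proto" status size
_LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def flag_member_self_writes(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ip, method, path, status) for each write request aimed at members/me.
    Profile updates through this route are legitimate, so treat hits as triage leads:
    check whether the requesting account's role changed after a 2xx response."""
    hits = []
    for line in lines:
        m = _LOG_LINE.match(line)
        if m and m["method"] in _WRITE_METHODS and _MEMBERS_ME.search(m["path"]):
            hits.append((m["ip"], m["method"], m["path"], m["status"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "GET /wp-json/buddypress/v1/members/me HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2021:10:01:05 +0000] "PATCH /wp-json/buddypress/v1/members/me HTTP/1.1" 200 640',
    '198.51.100.4 - - [10/Mar/2021:10:02:11 +0000] "POST /?rest_route=/buddypress/v1/members/me HTTP/1.1" 200 640',
    '198.51.100.9 - - [10/Mar/2021:10:03:00 +0000] "POST /wp-json/buddypress/v1/members/42 HTTP/1.1" 403 120',
    '192.0.2.1 - - [10/Mar/2021:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for v in ("4.4.0", "5.0.0", "7.2.0", "7.2.1"):
        print(v, "affected" if is_vulnerable_version(v) else "not affected")
    for hit in flag_member_self_writes(SAMPLE_LOG):
        print("review:", *hit)
```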

Github : https://github.com/HoangKien1020/CVE-2021-21389

#Vulnmachines – Place for Pentesters
Vulnmachines is an online cyber security training platform with a large number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with real-world enterprise scenarios.

Visit : https://www.vulnmachines.com
Contact for premium labs : [email protected]
Twitter : https://www.twitter.com/vulnmachines

Follow us
Twitter : https://www.twitter.com/rapidsafeguard
Facebook : https://www.fb.com/rapidsafeguard
YouTube : https://www.youtube.com/c/rapidsafegu…
Telegram : https://t.me/rapidsafeguard
Blogs : https://medium.com/@rapidsafeguard
Contact : [email protected]
Website : https://www.rapidsafeguard.com

#infosec #bugbounty #owasptop10 #cve #vulnmachines
