#WordPress #CVE-2021-21389?
#BuddyPress is an open-source WordPress plugin for building community sites. In BuddyPress releases from 5.0.0 up to, but not including, 7.2.1, a non-privileged, regular user can obtain administrator rights by exploiting an issue in the REST API members endpoint.
BuddyPress 5.0.0 to 7.2.0 – REST API Privilege Escalation to RCE
Exploitation requirements
User requirement: a Subscriber-level account (the lowest default WordPress role)
Method: privilege escalation to Administrator via the REST API, then RCE from the administrator account (an administrator can install plugins and edit theme files, so code execution follows from the role change rather than from a second bug)
Vulnerable endpoint: /v1/members/me (the authenticated user's own member record)
Github : https://github.com/HoangKien1020/CVE-2021-21389
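As an added example (not code from the original page or from the linked repository), here is a Python triage helper for defenders. It decides whether an installed BuddyPress version falls in the affected range 5.0.0 <= version < 7.2.1 by reading the plugin's "Version:" header, and it flags write requests (POST/PUT/PATCH) to the members/me endpoint in a web-server access log. The plugin header and log lines are constructed; the full route /wp-json/buddypress/v1/members/me assumes the default buddypress/v1 REST namespace, the ?rest_route= form is the alternative WordPress accepts when pretty permalinks are off, the bp-loader.php file name is an assumption, and the log layout assumed is the common Apache/nginx combined format.

```python
"""Triage helpers for CVE-2021-21389 (BuddyPress REST API privilege escalation).

Added example, not part of the original page or of BuddyPress itself. Two checks:
  1. is the installed BuddyPress version in the affected range 5.0.0 <= v < 7.2.1,
     read from the plugin's "Version:" header;
  2. which access-log lines are write requests to the members/me endpoint,
     the route a low-privileged user would hit to change their own record.
"""
import re

AFFECTED_MIN = (5, 0, 0)   # first affected release, inclusive
FIXED = (7, 2, 1)          # first fixed release

# Constructed stand-in for the header comment at the top of the plugin's main
# file (assumed to be wp-content/plugins/buddypress/bp-loader.php).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: BuddyPress
 * Plugin URI:  https://buddypress.org
 * Version:     7.2.0
 * Text Domain: buddypress
 */
"""

# Constructed access-log lines (combined format). Lines 2 and 4 are writes to
# members/me; line 4 uses the ?rest_route= form WordPress accepts when pretty
# permalinks are disabled. Line 3 is a read of the members collection, not /me.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2021:10:00:01 +0000] "GET /wp-json/buddypress/v1/members/me HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [01/Mar/2021:10:00:02 +0000] "PUT /wp-json/buddypress/v1/members/me HTTP/1.1" 200 640 "-" "curl/7.68.0"
198.51.100.7 - - [01/Mar/2021:10:00:03 +0000] "GET /wp-json/buddypress/v1/members?per_page=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Mar/2021:10:00:04 +0000] "POST /?rest_route=/buddypress/v1/members/me HTTP/1.1" 200 640 "-" "curl/7.68.0"
"""


def parse_version(text):
    """Turn '7.2', '7.2.0' or '7.2.1-beta1' into a comparable int tuple.

    Comparing tuples avoids the string-compare bug where '7.10.0' sorts
    before '7.2.1'; missing components default to 0 and suffixes are ignored.
    """
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if 5.0.0 <= version < 7.2.1, the CVE-2021-21389 range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def version_from_plugin_header(source):
    """Extract the 'Version:' value from a WordPress plugin header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", source, re.MULTILINE)
    return m.group(1) if m else None


# Combined-format request line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# members/me in either routing form; a trailing slash or query string is allowed,
# but /members or /members/<id> are not matched.
ROUTE_RE = re.compile(
    r"^(?:/wp-json/buddypress/v1/members/me|/\?rest_route=/buddypress/v1/members/me)"
    r"/?(?:$|[?#&])"
)
WRITE_METHODS = {"POST", "PUT", "PATCH"}


def flag_members_me_writes(log_text):
    """Return (ip, method, path, status) for each write request to members/me."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if m["method"] in WRITE_METHODS and ROUTE_RE.match(m["path"]):
            hits.append((m["ip"], m["method"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    installed = version_from_plugin_header(SAMPLE_PLUGIN_HEADER)
    print(f"BuddyPress {installed}: affected={is_affected(installed)}")
    for hit in flag_members_me_writes(SAMPLE_LOG):
        print("write to members/me:", hit)
```

A status of 200 on a PUT/POST to members/me from an account that should not be able to change its own roles is the line worth pulling the request body for; the access log alone cannot show whether a roles field was sent, so pair this with the application's own logging or a WAF that records bodies.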
#Vulnmachines – Place for Pentesters
Vulnmachines is an online cyber-security training platform with a large number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with real-world enterprise scenarios.
Visit : https://www.vulnmachines.com
Contact for premium labs : [email protected]
Twitter : https://www.twitter.com/vulnmachines
Follow us
Twitter : https://www.twitter.com/rapidsafeguard
Facebook : https://www.fb.com/rapidsafeguard
YouTube : https://www.youtube.com/c/rapidsafegu…
Telegram : https://t.me/rapidsafeguard
Blogs : https://medium.com/@rapidsafeguard
Contact : [email protected]
Website : https://www.rapidsafeguard.com
#infosec #bugbounty #owasptop10 #cve #vulnmachines