#WordPress #CVE-2021-21389?
#BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it’s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint.

BuddyPress 5.0.0 to 7.2.0 – REST API Privilege Escalation to RCE
Exploitation requirement
User requirement: Subscriber user
Method:
Privilege Escalation to Administrator and trigger RCE via REST API
Vulnerable Endpoint:
/v1/members/me endpoint.

Github : https://github.com/HoangKien1020/CVE-2021-21389

#Vulnmachines – Place for Pentesters
Vulnmachines is online cyber security training platform with a massive number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with Real-world enterprise scenarios.

Visit : https://www.vulnmachines.com
Contact for premium labs : [email protected]
Twitter : https://www.twitter.com/vulnmachines

Follow us
Twitter : https://www.twitter.com/rapidsafeguard
Facebook : https://www.fb.com/rapidsafeguard
YouTube : https://www.youtube.com/c/rapidsafegu…
Telegram : https://t.me/rapidsafeguard
Blogs : https://medium.com/@rapidsafeguard
Contact : [email protected]
Website : https://www.rapidsafeguard.com

#infosec #bugbounty #owasptop10 #cve #vulnmachines

source

WordPress BuddyPress RCE | CVE-2021-21389 PoC

Leave a Reply

Related Posts

WordPress Plugin Development: Gutenberg Blocks, React & More

The Top 10 Best WooCommerce Themes For WordPress 2021 (Seriously)

How to Add a Transparent Header to Your WordPress Website | Astra + Elementor Tutorial 2021

Leave a Reply