Description
WordPress Plugin BuddyPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions. WordPress Plugin BuddyPress version 2.3.4 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 2.3.5, 2.0.4, 2.1.2, 2.2.4, or the latest release.