← Back

Activity Plus Reloaded For Buddypress

activity_plus_reloaded_for_buddypress

Vendor: Buddydev • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-11913
1Buddydev
1Activity Plus Reloaded For Buddypress
Feb 4, 2025
Jan 24, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible f...Show more
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less