bbPress Showing Security Risk to WPEngine


  • soniyabajoria
    Participant

    @soniyabajoria

    Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

    Severity: critical

    Fixed in: 2.6.5

    Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

    Severity: high

    Fixed in: 2.6.5

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: medium

    Fixed in: 2.6.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: medium

    Fixed in: 2.6.5

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: low

    Fixed in: 2.5.9

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: low

    Fixed in: 2.5.10

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.5.13

Viewing 2 replies - 1 through 2 (of 2 total)

  • Milan Petrovic
    Participant

    @gdragon

    All these are fixed; the current stable version is 2.6.11, and all the risks you listed are for older versions. Update the plugin to the latest stable version.


  • arnoldmatt
    Participant

    @arnoldmatt

    Whew, that’s a lot to catch up on! Thanks for the info, Milan. Updating bbPress now.
