Security Advisory: Stored XSS in bbPress
Anyone know about this?
During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress, currently installed on 300,000 live websites, one of them being the popular wordpress.org support forum.
Exploitation Level: Easy/Remote
DREAD Score: 6/10
Vulnerability: Stored XSS
Patched Version: bbPress 2.5.9
As a Cross-Site Scripting (XSS) vulnerability, it could allow this user to hijack other user accounts, perform actions on their behalf (like administrators, moderators, etc.) to escalate its user’s privileges.
- You must be logged in to reply to this topic.