Security Advisory: Stored XSS in bbPress

  • @artmuns

    Participant

    Anyone know about this?

    During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress, currently installed on 300,000 live websites, one of them being the popular wordpress.org support forum.

    Exploitation Level: Easy/Remote
    DREAD Score: 6/10
    Vulnerability: Stored XSS
    Patched Version: bbPress 2.5.9
    As a Cross-Site Scripting (XSS) vulnerability, it could allow this user to hijack other user accounts, perform actions on their behalf (like administrators, moderators, etc.) to escalate its user’s privileges.

Viewing 4 replies - 1 through 4 (of 4 total)
  • @robin-w

    Moderator

    Which is why 2.5.9 has been released.

    https://bbpress.org/forums/topic/bbpress-2-5-9/

    @artmuns

    Participant

    Thanks, wasn’t sure if that Sucuri notification was for 2.5.9 or a previous version.

    @netweb

    Keymaster

    Unfortunately, the original Sucuri article incorrectly stated what versions of bbPress were affected; the article has since been updated to document what versions of bbPress were affected. bbPress 2.5.9 patched the security issue documented by Sucuri.

    @robin-w

    Moderator

    Thanks for the clarification, Stephen!
