Permissions, Privileges, and Access Controls in bbPress - CVE-2020-13693
Published: June 3, 2020 / Updated: June 4, 2020
Vulnerability identifier: #VU28541
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2020-13693
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: JJJ
Affected software:
bbPress
bbPress
Detailed vulnerability description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when new user registration is enabled, which leads to security restrictions bypass and privilege escalation.
How to mitigate CVE-2020-13693
Install updates from vendor's website.