Hillstone Networks

RULE（RULE ID：330319）

Rule General Information


Release Date:		2020-06-02

Rule Name:		WordPress Plugin BBPress Unauthenticated Privilege Escalation Vulnerability (CVE-2020-13693)

Severity:

CVE ID:

Rule Protection Details


Description:		An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows

Reference:		http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/ https://codex.bbpress.org/releases/ https://wordpress.org/plugins/bbpress/#developers

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/