CVE-2022-2108

MEDIUM

Wbcom Designs - BuddyPress Group Reviews <2.8.3 - CSRF

Title source: llm
STIX 2.1

Description

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.

Scores

CVSS v3 6.5
EPSS 0.0067
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
wbcomdesigns/buddypress_group_reviews < 2.8.4
wbcomdesigns/Wbcom Designs – BuddyPress Group Reviews < 2.8.3
Published Jul 18, 2022
Tracked Since Feb 18, 2026