
CVE-2020-13693: bbPress unauthenticated privilege-escalation

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.97363%
Published: 5/24/2022
Updated: 4/25/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: bbpress/bbpress
Ecosystem: composer
Vulnerable Versions: < 2.6.5
First Patched Version: 2.6.5

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper privilege management during user registration. Key observations:

  1. The exploit requires 'New User Registration' to be enabled, implicating the registration-flow functions.
  2. CWE-269 (Improper Privilege Management) indicates flawed role-assignment logic.
  3. bbPress 2.6.5's release notes specifically mention privilege-escalation fixes in the registration/authentication systems.
  4. The unauthenticated nature suggests that the functions processing registration requests lacked:
    • Role parameter sanitization
    • Authorization checks for role assignment
    • Enforcement of WordPress's default role settings

Functions like bbp_create_user (registration handler) and bbp_set_user_default_role (role assignment) would be the primary candidates for these flaws, consistent with common WordPress plugin vulnerability patterns.

Vulnerable functions


WAF Protection Rules

WAF Rule

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
