Stored XSS Vulnerability in bbPress Plugin for WordPress
CVE-2020-13487
4.8 MEDIUM
What is CVE-2020-13487?
The bbPress plugin, used with WordPress for forum management, has a security flaw in its Forum creation section. The vulnerability enables stored XSS attacks, allowing attackers to execute arbitrary JavaScript code in the context of the wp-admin/edit.php?post_type=forum page. An administrator can be exploited through the wp-admin/post.php?action=edit URI, leading to potential unauthorized access or data manipulation for all users. Users of this plugin should review the latest updates and apply security measures to mitigate this threat.