Access Control Vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress
CVE-2025-30957
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 6 June 2025
What is CVE-2025-30957?
The Activity Plus Reloaded plugin for BuddyPress has a missing authorization flaw that may allow an attacker to bypass access control measures. The issue affects versions up to and including 1.1.2. If exploited, it could lead to unauthorized access to certain features within the plugin because of incorrectly configured security levels. Sites running an affected version should review and apply appropriate security measures to mitigate this vulnerability.
Affected Version(s)
Activity Plus Reloaded for BuddyPress <= 1.1.2
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Tran Tuan Dung (domiee13) (Patchstack Alliance)