BuddyPress Restrictions Plugin Missing Authorization Vulnerability Allowing Unauthenticated Tracking Opt-In/Out
Vulnerability
A vulnerability exists in the Restrictions for BuddyPress WordPress plugin, all versions through 1.5.2, due to a lack of proper capability checks in the handle_optin_optout() function. This flaw allows unauthenticated users to manipulate tracking preferences, opting in or out of tracking without authorization.
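The bug class described above, as an added example that is not the plugin's code: a handler that changes a tracking setting with no capability check, next to a hardened form. Every name prefixed example_ (functions, request parameter, option, nonce action) and the choice of hook are assumptions made for illustration.

```php
<?php
// Added illustration. All example_* names are hypothetical and are not taken
// from the Restrictions for BuddyPress plugin.

// Pattern the advisory describes: the handler acts on a request parameter
// without checking who sent the request, so any visitor can flip the setting.
function example_handle_optin_optout_unchecked() {
    if ( ! isset( $_GET['example_tracking'] ) ) {
        return;
    }
    $choice = sanitize_key( wp_unslash( $_GET['example_tracking'] ) );
    update_option( 'example_allow_tracking', 'optin' === $choice ? 'yes' : 'no' );
}

// Hardened form: authorize the caller, verify intent, validate the value.
function example_handle_optin_optout() {
    if ( ! isset( $_GET['example_tracking'] ) ) {
        return;
    }

    // Authorization: a site-wide setting is limited to administrators.
    // Anonymous visitors hold no capabilities, so this also rejects them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change this setting.', '', array( 'response' => 403 ) );
    }

    // Intent: the link must carry a nonce created with
    // wp_nonce_url( $url, 'example_tracking_choice' ); this blocks forged requests.
    check_admin_referer( 'example_tracking_choice' );

    // Validation: accept only the two expected values.
    $choice = sanitize_key( wp_unslash( $_GET['example_tracking'] ) );
    if ( ! in_array( $choice, array( 'optin', 'optout' ), true ) ) {
        return;
    }

    update_option( 'example_allow_tracking', 'optin' === $choice ? 'yes' : 'no' );

    // Redirect so a page reload does not resubmit the choice.
    wp_safe_redirect( remove_query_arg( array( 'example_tracking', '_wpnonce' ) ) );
    exit;
}
// Assumed hook: 'init' runs on every request, including unauthenticated ones,
// which is why the checks must live inside the handler itself.
add_action( 'init', 'example_handle_optin_optout' );
```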
Impact
Exploitation of this vulnerability allows for unauthorized changes to tracking status, potentially disrupting user tracking or analytics processes.
Added: Nov 18, 2025, 10:27 AM
Updated: Nov 18, 2025, 2:56 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
