Plattform
wordpress
Komponente
buddypress-humanity
Behoben in
1.2.1
CVE-2025-31033 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Buddypress Humanity WordPress plugin. This flaw allows attackers to trick authenticated users into performing actions they did not intend, potentially leading to unauthorized modifications or deletions of data. The vulnerability impacts versions from 0.0.0 up to and including 1.2, and a fix is available in version 1.2.1.
A successful CSRF attack can have significant consequences. An attacker could leverage this vulnerability to modify user profiles, change settings, or even perform administrative actions if the targeted user possesses sufficient privileges. This could lead to unauthorized data modification, account takeover, and potential compromise of the entire WordPress site. The impact is amplified if the plugin is widely used and integrated with other critical functionalities of the website.
This vulnerability was publicly disclosed on 2025-04-09. While no active exploitation campaigns have been publicly reported, the CRITICAL CVSS score indicates a high potential for exploitation. The availability of a patch suggests that the vulnerability is being actively monitored by security researchers. No KEV listing is currently available.
WordPress websites utilizing the Buddypress Humanity plugin, particularly those with shared hosting environments or legacy configurations, are at increased risk. Sites with weak password policies or users who frequently click on suspicious links are also more vulnerable to CSRF attacks.
• wordpress / composer / npm:
grep -r 'humanity_settings_update' /var/www/html/wp-content/plugins/• generic web:
curl -I https://example.com/wp-content/plugins/buddypress-humanity/ | grep -i 'csrf-token'disclosure
Exploit-Status
EPSS
0.17% (39% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to immediately upgrade the Buddypress Humanity plugin to version 1.2.1 or later. If upgrading is not feasible due to compatibility issues or breaking changes, consider implementing a temporary workaround by adding CSRF tokens to all sensitive forms within the plugin. Additionally, implement a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Regularly review WordPress plugin security best practices and ensure all plugins are kept up to date.
Aktualisieren Sie das Plugin Buddypress Humanity auf die neueste verfügbare Version, um die CSRF-Vulnerabilität zu mindern. Überprüfen Sie die Plugin-Updates direkt im WordPress-Admin-Dashboard oder über das Plugin-Repository von WordPress. Implementieren Sie zusätzliche Sicherheitsmaßnahmen, wie z. B. Eingabevalidierung und Ausgabekodierung, um zukünftige CSRF-Angriffe zu verhindern.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-31033 is a critical Cross-Site Request Forgery (CSRF) vulnerability affecting the Buddypress Humanity WordPress plugin, allowing attackers to perform unauthorized actions.
Yes, if you are using Buddypress Humanity versions 0.0.0 through 1.2, you are affected by this vulnerability.
Upgrade the Buddypress Humanity plugin to version 1.2.1 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are currently known, the CSRF nature of the vulnerability suggests a moderate probability of exploitation.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.