CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-31033

CVSS 9.8v3.1pub. 2025-04-09upd. 2026-04-23

Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Buddypress Humanity: from n/a through <= 1.2.

🤖 AI Analysis
How it works

The vulnerability stems from improper CSRF token verification when handling HTTP requests that modify application state. An attacker can trick a logged-in user (e.g., administrator) into visiting a crafted page or clicking a malicious link, which will cause an unauthorized request to be executed in the context of the victim's session. As a result, it is possible to perform operations leading to privilege escalation — granting higher privileges to the attacker or modifying user accounts.

Impact

An attacker can elevate their own privileges in the WordPress system, potentially gaining administrative access to the website. This results in complete breach of confidentiality, integrity, and availability of data.

Mitigation & patch

Apply patches available from the vendor according to references. It is recommended to update the plugin to a version higher than 1.2. If an update is not available, consider deactivating the plugin until a fix is released.

Who is affected

BuddyPress Humanity plugin (buddypress-humanity) by Adam Nowak — versions from the beginning of existence through 1.2 inclusive

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References