CVE-2020-13693
published 2020-05-29

CVE-2020-13693: An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

Priority P2 · 74 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: public exploit available
EPSS: 43.88% (98.6th percentile)

Affected (2 ranges)

Vendor    Product   Version range    Fixed in
bbpress   bbpress   < 2.6.5          2.6.5
bbpress   bbpress   >= 0 < 2.6.5     2.6.5

Detection & IOCs (extracted from sources)

other: bbp_keymaster
snort:
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible WordPress Plugin BBPress 2.5 - Unauthenticated Priv Esc Attempt (CVE-2020-13693)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"user_login"; content:"user_pass"; distance:0; content:"|22|bbp_keymaster|22|"; distance:0; fast_pattern; reference:url,www.exploit-db.com/exploits/48534; reference:cve,2020-13693; classtype:attempted-admin; sid:2030239; rev:1; metadata:affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2020_06_02, cve CVE_2020_13693, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2020_06_02;)
  • The vulnerability only exists when 'New User Registration' is enabled on the WordPress site. Sites with registration disabled are not affected.
  • The Snort/ET rule (sid:2030239) uses fast_pattern on the byte pattern |22|bbp_keymaster|22| (the string bbp_keymaster enclosed in double quotes), so detection depends on that literal JSON/form-encoded string being present in the POST body. Obfuscated or chunked transfer encoding may evade this rule.

CVSS provenance

NVD   v3.1   9.8 CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD   v2.0   7.5 HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P