CVE-2024-4750

Published: Jun 4, 2024Modified: Jun 30, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request

Affected (1)

Products: Buddyboss: Buddyboss

Buddyboss

1 product

Buddyboss

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Buddyboss Buddyboss	Before 2.6.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.