Description
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
Published: 2024-06-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0022}

 epss

{'score': 0.00234}

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00118}

 epss

{'score': 0.0022}

Mon, 30 Jun 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Buddyboss
Buddyboss buddyboss
Weaknesses CWE-639
CPEs cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:wordpress:*:*
Vendors & Products Buddyboss
Buddyboss buddyboss

Thu, 27 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Buddyboss Buddyboss
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-03-27T21:11:34.672Z

Reserved: 2024-05-10T12:27:28.682Z

Link: CVE-2024-4750

cve-icon Vulnrichment

Updated: 2024-08-01T20:47:41.684Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-04T06:15:11.960

Modified: 2025-06-30T18:22:12.210

Link: CVE-2024-4750

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses