5 matches found
CVE-2023-51477
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60...
CVE-2023-51477
CVE-2023-51477 describes an incomplete authentication flaw in the WordPress BuddyBoss Theme (v2.4.60 and earlier) that allows an unauthenticated actor to access functionality constrained by ACLs. The base metrics list a high-impact, critical-severity scenario (CVSS 3.1 vector: Network, Low attack...
CVE-2023-51477 WordPress BuddyBoss Theme theme <= 2.4.60 - Unauth. Arbitrary WordPress Settings Change vulnerability
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60...
WordPress BuddyBoss Theme Theme <= 2.4.60 is vulnerable to Settings Change
Software BuddyBoss Theme Type Theme Vulnerable versions = 2.4.60 Fixed in 2.4.61 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2023-51477 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 91b38329ee46 Credits Dave Jong Patchstack Required...
VulnCheck KEV: CVE-2023-51477
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60...