3 matches found
CVE-2024-4750 BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...
CVE-2024-4750
The CVE-2024-4750 entry concerns the BuddyBoss Platform WordPress plugin prior to 2.6.0, where an Insecure Direct Object Reference (IDOR) allows a user to like a private post by manipulating the post ID in the request (id parameter). Multiple sources (Patchstack, PT-Security, WPVulndb, CVE record...
WordPress Buddyboss Platform Plugin < 2.6.0 is vulnerable to Insecure Direct Object References (IDOR)
Software Buddyboss Platform Type Plugin Vulnerable versions 2.6.0 Fixed in 2.6.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4750 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edae12ac139d Credits Faris Krivi...