2 matches found
CVE-2024-4886 BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request...
CVE-2024-4886
CVE-2024-4886 describes an IDOR vulnerability in the WordPress BuddyBoss Platform plugin where an authenticated user (Subscriber+) can comment on a private post by manipulating the numeric ID in the request. The issue is labeled as an insecure Directory Object Reference and affects BuddyBoss Plat...