CVE-2024-4886

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request.

Configurations

Configuration 1

cpe:2.3:a:buddyboss:buddyboss_platform:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:43

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/ - Exploit, Third Party Advisory | https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/ - Exploit, Third Party Advisory |

11 Jun 2024, 17:14

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/ - | https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/ - Exploit, Third Party Advisory |
| First Time | | Buddyboss, Buddyboss buddyboss Platform |
| CWE | | CWE-639 |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 4.3 |
| Summary | | (es) Contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request. |
| CPE | | cpe:2.3:a:buddyboss:buddyboss_platform:*:*:*:*:*:wordpress:*:* |

05 Jun 2024, 06:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-06-05 06:15

Updated : 2024-11-21 09:43


NVD link : CVE-2024-4886

Mitre link : CVE-2024-4886

CVE.ORG link : CVE-2024-4886



Products Affected

buddyboss

  • buddyboss_platform

CWE

CWE-639: Authorization Bypass Through User-Controlled Key