CVE-2024-4750

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4750
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:wordpress:*:*
History

30 Jun 2025, 18:22

Type Values Removed Values Added
CWE CWE-639
CPE cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:wordpress:*:*
First Time Buddyboss
Buddyboss buddyboss
References () https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ - () https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ - Exploit, Third Party Advisory

27 Mar 2025, 21:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

21 Nov 2024, 09:43

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ - () https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/ -

04 Jun 2024, 16:57

Type Values Removed Values Added
Summary
  • (es) El complemento buddyboss-platform de WordPress anterior a 2.6.0 contiene una vulnerabilidad IDOR que permite a un usuario darle me gusta a una publicación privada manipulando la identificación incluida en la solicitud.

04 Jun 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-04 06:15

Updated : 2025-06-30 18:22

NVD link : CVE-2024-4750

Mitre link : CVE-2024-4750

CVE.ORG link : CVE-2024-4750

JSON object : View

Products Affected

buddyboss

  • buddyboss
CWE
CWE-639

Authorization Bypass Through User-Controlled Key