CVE-2024-4750: BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the post ID included in the request.

Classification

CVE ID: CVE-2024-4750

Problem Types

CWE-639 Authorization Bypass Through User-Controlled Key

Affected Products

Vendor: Unknown

Product: buddyboss-platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (estimated probability of exploitation activity)

EPSS Percentile: 16.4% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date the score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4750
https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/

Timeline