CVE-2024-12767

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
3.5LOW
EPSS
0.1%
top 66.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Buddyboss-platformBuddyboss Buddyboss Platform
Timeline
PublishedMay 15

Description

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/buddyboss-platform< 2.7.60

🔴Vulnerability Details

2
CVEList
BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR2025-05-15
GHSA
GHSA-c6wh-53mq-4gr9: The buddyboss-platform WordPress plugin before 22025-05-15
CVE-2024-12767 (LOW CVSS 3.5) | The buddyboss-platform WordPress pl | cvebase.io