Primary

Context

BuddyBoss Platform WordPress Plugin Privileged Comment Exposure Vulnerability

Vulnerability

Patched

A vulnerability in the BuddyBoss Platform WordPress plugin, affecting versions prior to 2.7.60, allows logged-in users to access comments on private posts due to inadequate access controls. This issue represents an Insecure Direct Object Reference (IDOR) vulnerability, classified under OWASP A5: Broken Access Control and CWE-639.

Impact

Exploitation of this vulnerability could lead to unauthorized exposure of comments on private posts.

Remediation

Users can update to BuddyBoss Platform version 2.7.60 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BuddyBoss Platform WordPress Plugin Privileged Comment Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

BuddyBoss Platform

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating