CVE-2024-4886

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-4886

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4886.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-4886

Published

2024-06-05T06:00:02.593Z

Modified

2026-05-28T04:10:06.010545908Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR

Details

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "2.6.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "WPScan",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4886.json"
}

References

Affected packages

Git / github.com/buddyboss/buddyboss-platform

Affected ranges

Type

GIT

Repo

https://github.com/buddyboss/buddyboss-platform

Events

Introduced

Fixed

c3607766052a454bbbf02608e586b4db7957c4e2

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.00"
        }
    ],
    "cpe": "cpe:2.3:a:buddyboss:buddyboss_platform:*:*:*:*:*:wordpress:*:*",
    "source": "CPE_RANGE"
}

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.5

1.1.6

1.1.7

1.1.8

1.1.8.1

1.1.9

1.2.0

1.2.1

1.2.1.1

1.2.2

1.2.2.1

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.2.9.1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.0

1.4.0.1

1.4.0.2

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.1

1.5.1.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.5.1

1.5.6

1.5.7

1.5.7.1

1.5.7.2

1.5.7.3

1.5.8

1.5.8.1

1.5.8.2

1.5.8.3

1.5.9

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.7.0

1.7.0.1

1.7.1

1.7.2

1.7.2.1

1.7.2.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.7.1

1.7.8

1.7.9

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9.0

1.9.0.1

1.9.1

1.9.1.1

1.9.2

2.*

2.0.0

2.0.1

2.0.1.1

2.0.2

2.0.3

2.0.3.1

2.0.4

2.0.4.1

2.0.5

2.0.6

2.0.8

2.0.9

2.1.0

2.1.1

2.1.1.1

2.1.2

2.1.3

2.1.4

2.1.4.1

2.1.5

2.1.6

2.1.6.1

2.1.6.2

2.1.7

2.1.7.1

2.1.7.2

2.2

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.6.1

2.2.7

2.2.7.1

2.2.8

2.2.9

2.2.9.1

2.3.0

2.3.1

2.3.1.1

2.3.1.2

2.3.2

2.3.3

2.3.4

2.3.41

2.3.42

2.3.50

2.3.60

2.3.70

2.3.80

2.3.81

2.3.90

2.3.91

2.4.00

2.4.10

2.4.11

2.4.20

2.4.30

2.4.40

2.4.41

2.4.50

2.4.60

2.4.61

2.4.62

2.4.63

2.4.70

2.4.71

2.4.80

2.4.90

2.5.00

2.5.10

2.5.11

2.5.20

2.5.30

2.5.31

2.5.40

2.5.50

2.5.51

2.5.52

2.5.60

2.5.61

2.5.70

2.5.71

2.5.80

2.5.81

2.5.90

2.5.91

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4886.json"