← volver
CVE-2026-53673

BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

CVSS 8.6 HIGHEPSS 0.3%CWE-639
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's private messages.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
BuddyPress · BuddyPress

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://buddypress.org/https://wordpress.org/plugins/buddypress/https://www.vulncheck.com/advisories/buddypress-private-message-idor-via-rest-api-user-id-parameter