CVE-2025-1909 in BuddyBoss Platform Pro Plugin情報

要約 (英語)

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

予約する

2025年03月03日

公開

2025年05月05日

エントリ

VulDB provides additional information and datapoints for this CVE:

識別子脆弱性CWE悪用可対策CVE
307386BuddyBoss Platform Pro Plugin Apple OAuth Provider 弱い認証287未定義未定義CVE-2025-1909

説明

CPE

CWE

CVSS

エクスプロイト

履歴

差分

リンクする

脅威インテリジェンス

API JSON

API XML

API CSV

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!