Cross-Site Request Forgery in BuddyBoss Theme by BuddyBoss LLC
CVE-2024-37925
5.4 MEDIUM
Key Information:
- Vendor: BuddyBoss LLC
- Product: BuddyBoss Theme
- CVE Published: 2 January 2025
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the BuddyBoss Theme provided by BuddyBoss LLC. The flaw allows an attacker to cause actions to be performed on behalf of a logged-in user without that user's consent. It affects all versions from the initial release up to and including version 2.4.61, which is a significant concern for sites using this theme. Proper validation of user-initiated requests is essential to mitigate exploitation of this issue.
Affected Version(s)
BuddyBoss Theme <= 2.4.61
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Credit
Dave Jong (Patchstack)