CVE 8.6 HIGH

BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter_CVE-2026-53673

June 9, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's private messages.

AI Analysis

Insecure direct object reference vulnerability in the messages REST API

Basic Information

ID CVE-2026-53673

Source VulnCheck

Published Jun 9, 2026 at 23:44

Affected Product

Vendor BuddyPress

Product BuddyPress

Version 14.4.0

Affected Versions BuddyPress BuddyPress 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Automattic

Product BuddyPress

Version 14.4.0

References

{
    "lastseen": "",
    "description": "BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's private messages.",
    "published": "2026-06-09T23:44:20.697Z",
    "modified": "2026-06-09T23:44:20.697Z",
    "type": "cve",
    "title": "BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter",
    "source": "VulnCheck",
    "references": "https://buddypress.org/\nhttps://wordpress.org/plugins/buddypress/\nhttps://www.vulncheck.com/advisories/buddypress-private-message-idor-via-rest-api-user-id-parameter",
    "id": "CVE-2026-53673",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "BuddyPress BuddyPress 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BuddyPress",
    "version": "14.4.0",
    "vendor": "BuddyPress",
    "ai_description": "Insecure direct object reference vulnerability in the messages REST API",
    "ai_severity": "High",
    "ai_vendor": "Automattic",
    "ai_product": "BuddyPress",
    "ai_version": "14.4.0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply