{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:17:34.380","vulnerabilities":[{"cve":{"id":"CVE-2023-32669","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-10-03T13:15:10.077","lastModified":"2024-11-21T08:03:48.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id)."},{"lang":"es","value":"Vulnerabilidad de omisión de autorización en la versión BuddyBoss 2.2.9, cuya explotación podría permitir a un usuario autenticado acceder y cambiar el nombre de los álbumes de otros usuarios. Esta vulnerabilidad se puede aprovechar cambiando la identificación del álbum (id)."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*","matchCriteriaId":"1793CDB5-4DF1-4C79-B52F-66E2EE09C8DB"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}