WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Description

A vulnerability has been found in BuddyBoss Platform Plugin up to 3.0.4 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes deserialization.

Affected Products

Vendor	Product	Versions
buddyboss	buddyboss	n/a

References

https://patchstack.com/database/wordpress/plugin/buddyboss-platform/vulnerability/wordpress-buddyboss-platform-plugin-3-0-4-php-object-injection-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-56032 | BuddyBoss Platform Plugin up to 3.0.4 on WordPress deserialization

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-502

PublishedJun 26, 2026

Last enriched1d agov2

Trending Score54

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 26, 2026

Discovered by ZDM

Jun 26, 2026

Actively Exploited

Jun 26, 2026

Updated: description, activelyExploited

Jun 26, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated description with more technical detail, marked as actively exploited, and corrected exploit availability.

descriptionactivelyExploited

via VulDB

v11d ago

Initial creation