A vulnerability classified as critical has been found in BuddyBoss Platform Pro Plugin up to 2.7.01 on WordPress. Affected is an unknown function of the component Apple OAuth Provider. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2025-1909. It is possible to launch the attack remotely. There is no exploit available.