CVE-2026-53673 — BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a use — CVE Database · The Intelligence Room