CVE-2017-6954

MEDIUM4.3EPSS 0.29%

BuddyPress Docs plugin Improper Privilege Management

Published: 5/13/2022Modified: 4/25/2024

Description

An issue was discovered in `includes/component.php` in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.

Affected packages (1)

Packagist/buddypress/buddypressfrom 0, < 1.9.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-6954
WEBhttps://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
WEBhttps://wordpress.org/plugins/buddypress-docs/changelog
WEBhttp://www.securityfocus.com/bid/97238