CVE-2017-6954

MEDIUM4.3EPSS 0.29%

BuddyPress Docs plugin Improper Privilege Management

發布日:2022/5/13修改日:2024/4/25

描述

An issue was discovered in `includes/component.php` in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.

受影響套件(1)

Packagist/buddypress/buddypressfrom 0, < 1.9.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-6954
WEBhttps://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
WEBhttps://wordpress.org/plugins/buddypress-docs/changelog
WEBhttp://www.securityfocus.com/bid/97238