An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05d2Y2LTg4eDQtNnh2as4AASZm

Severity: Moderate
EPSS: 0.00292% (0.51964 Percentile)

BuddyPress Docs plugin Improper Privilege Management

Affected package: packagist:buddypress/buddypress
Affected versions: < 1.9.3
Fixed versions: 1.9.3
2 Dependent packages
7 Dependent repositories
1,945 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.4.1, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.4.2, 6.4.3, 7.0.0, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.2, 7.3.3, 7.3.4, 8.0.0, 8.0.2, 8.0.3, 8.0.4, 9.0.0, 9.1.1, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.6.4, 11.0.0, 11.1.0, 11.2.0, 11.3.1, 11.3.2, 11.4.0, 11.4.1, 11.4.2, 11.4.3, 11.4.4, 12.0.0, 12.1.1, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.5.0, 12.5.1, 12.5.2, 12.5.3, 14.0.0, 14.1.0, 14.2.1, 14.3.1, 14.3.3, 14.3.4

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
