Vulnerability Description
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
CVSS Score
4.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buddypress | Buddypress | <= 1.9.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97238
- https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfePatchThird Party Advisory
- https://wordpress.org/plugins/buddypress-docs/changelog/Release NotesThird Party Advisory
- http://www.securityfocus.com/bid/97238
- https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfePatchThird Party Advisory
- https://wordpress.org/plugins/buddypress-docs/changelog/Release NotesThird Party Advisory
FAQ
What is CVE-2017-6954?
CVE-2017-6954 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permi...
How severe is CVE-2017-6954?
CVE-2017-6954 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6954?
Check the references section above for vendor advisories and patch information. Affected products include: Buddypress Buddypress.