CVE-2017-6954

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.

Ссылки

http://www.securityfocus.com/bid/97238
https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
Patch
Third Party Advisory
https://wordpress.org/plugins/buddypress-docs/changelog/
Release Notes
Third Party Advisory
http://www.securityfocus.com/bid/97238
https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
Patch
Third Party Advisory
https://wordpress.org/plugins/buddypress-docs/changelog/
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:*:*:*

Версия до 1.9.2 (включая)

EPSS

Процентиль: 52%

0.00295

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-9wf6-88x4-6xvj