CVE-2017-6954

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
buddypressbuddypress
𝑥
≤ 1.9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97238
https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
https://wordpress.org/plugins/buddypress-docs/changelog/
http://www.securityfocus.com/bid/97238
https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
https://wordpress.org/plugins/buddypress-docs/changelog/