Vulnerability Details : CVE-2017-6954
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
Exploit prediction scoring system (EPSS) score for CVE-2017-6954
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 %
CVSS scores for CVE-2017-6954
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2017-6954
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6954
- https://wordpress.org/plugins/buddypress-docs/changelog/
  BuddyPress Docs – WordPress plugin | WordPress.org (Release Notes; Third Party Advisory)
- http://www.securityfocus.com/bid/97238
  Wordpress BuddyPress Plugin CVE-2017-6954 Security Bypass Vulnerability
- https://github.com/boonebgorges/buddypress-docs/commit/75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
  Improved permission check when processing a Doc save request. · boonebgorges/buddypress-docs@75293ed · GitHub (Patch; Third Party Advisory)
Products affected by CVE-2017-6954
- cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:*:*:*