漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. The BuddyPress Docs plugin adds collaborative Docs to BuddyPress.
The vulnerability exists in the implemented includes/component.php source file that could allow authenticated users to edit documents of other users without proper permissions.
Affected Versions:
BuddyPress Docs plugin before 1.9.3 for WordPress
漏洞危害
Successful exploitation could allow authenticated attackers to edit certain Docs without proper permissions.
解决方案
Customers are advised to upgrade their WordPress plugin to BuddyPress Docs 1.9.3 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论