CVE-2025-5526

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5526

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5526.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5526

Published

2025-06-27T06:15:26Z

Modified

2025-07-05T16:49:13.287269Z

Summary

[none]

Details

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user

References

https://wpscan.com/vulnerability/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d/

Affected packages

Git / github.com/boonebgorges/buddypress-docs

Affected ranges

Type: GIT
Repo: https://github.com/boonebgorges/buddypress-docs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

43dbe30fa39d58240e0cf1852c26a4d77fd881df

Affected versions

1.*

1.0-beta-2

1.0.3

1.0.5

1.0.6

1.0.7

1.1

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.16

1.1.17

1.1.18

1.1.19

1.1.2

1.1.20

1.1.21

1.1.22

1.1.23

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.1

1.2.10

1.2.2

1.2.3

1.2.4

1.2.8

1.2.9

1.3

1.3.1

1.3.4

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.6.0

1.6.1

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.8.3

1.8.5

1.8.6

1.8.7

1.8.8

1.9.0

1.9.1

1.9.2

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.6

2.1.7

2.1.8

2.2.0

2.2.1