CVE-2025-5526

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-5526

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5526.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5526

Published

2025-06-27T06:15:26.763Z

Modified

2026-04-10T05:30:58.336608Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user

References

https://wpscan.com/vulnerability/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d/

Affected packages

Git / github.com/boonebgorges/buddypress-docs

Affected ranges

Type

GIT

Repo

https://github.com/boonebgorges/buddypress-docs

Events

Introduced

Fixed

43dbe30fa39d58240e0cf1852c26a4d77fd881df

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.5"
        }
    ]
}

Affected versions

1.*

1.0-beta-2

1.4.4

1.5.7

1.6.0

1.6.1

1.7.1

1.8.0

1.8.1

1.8.2

1.8.3

1.8.5

1.8.8

1.9.0

2.*

2.2.0

2.2.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5526.json"