CVE-2025-5526
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-07-03
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boonebgorges | buddypress_docs | before 2.2.5 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5526 is an Insecure Direct Object Reference (IDOR) vulnerability in the BuddyPress Docs WordPress plugin versions before 2.2.5. It occurs because the plugin lacks proper access controls, allowing a logged-in user to view, download, and modify documents and attachments belonging to other users without authorization. Essentially, an attacker can manipulate document IDs in requests to access or change documents they should not have permission to access. [1]
How can this vulnerability impact me?
This vulnerability allows any logged-in user with at least the Subscriber role to access, download, and modify your private documents and attachments stored in the BuddyPress Docs plugin. This could lead to data leakage, unauthorized data modification, and potential loss of confidentiality and integrity of your documents. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing if authenticated users with Subscriber or higher roles can access or modify documents belonging to other users. A practical approach involves intercepting and modifying HTTP requests related to document editing to see if document IDs belonging to other users can be accessed or changed. For example, using a proxy tool like Burp Suite to capture and modify the 'doc_id' parameter in requests to the BuddyPress Docs plugin can reveal the vulnerability. Specific commands depend on the tools used, but generally, you would:
1) Log in as one user and create a document with restricted permissions.
2) Intercept the HTTP request saving the document to capture the document ID.
3) Log in as another user and attempt to access or modify the first user's document by changing the 'doc_id' parameter in the intercepted request.
This manual testing approach is recommended since automated detection commands are not provided. [1]
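The cross-user check described above, modelled as an added example (not from the original page and not BuddyPress Docs code): a toy in-memory document store, run once without and once with an ownership check on the request-supplied doc_id. The names DocStore, Forbidden and cross_user_check are hypothetical.

```python
# Added illustration: toy model with hypothetical names, not the plugin's code.
from dataclasses import dataclass

@dataclass
class Doc:
    doc_id: int
    owner: str
    body: str
    editors: frozenset = frozenset()  # users the owner granted edit access

class Forbidden(Exception):
    """Raised when the caller may not touch the requested document."""

class DocStore:
    def __init__(self, check_access: bool):
        self.check_access = check_access  # False models the missing access control
        self.docs = {}

    def create(self, user, body, editors=()):
        doc_id = len(self.docs) + 1
        self.docs[doc_id] = Doc(doc_id, user, body, frozenset(editors))
        return doc_id

    def _authorize(self, user, doc):
        # The object reference (doc_id) is request input; authorize per object.
        if self.check_access and user != doc.owner and user not in doc.editors:
            raise Forbidden(f"{user} may not access doc {doc.doc_id}")

    def read(self, user, doc_id):
        doc = self.docs[doc_id]
        self._authorize(user, doc)
        return doc.body

    def save(self, user, doc_id, body):
        doc = self.docs[doc_id]
        self._authorize(user, doc)
        doc.body = body

def cross_user_check(store):
    """user_a creates a restricted doc; user_b then replays requests with its doc_id."""
    doc_id = store.create("user_a", "private notes")
    findings = []
    for action, call in (("read", lambda: store.read("user_b", doc_id)),
                         ("modify", lambda: store.save("user_b", doc_id, "changed"))):
        try:
            call()
            findings.append(action)  # request succeeded: access control is missing
        except Forbidden:
            pass
    return findings, store.read("user_a", doc_id)
```

An empty findings list together with an unchanged document body is the result expected from a patched installation.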
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the BuddyPress Docs WordPress plugin to version 2.2.5 or later, where the vulnerability has been fixed. Until the update can be applied, restrict access to the plugin by limiting user roles that can access BuddyPress Docs or disabling the plugin temporarily to prevent exploitation. Additionally, monitor document access logs for unauthorized access or modifications. [1]