Description

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged-in user to view and download files belonging to another user.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-27 | Updated 2025-07-01 | Assigner WPScan

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status: unaffected

Any version before 2.2.5: affected

Credits

Terrence Bosco (finder)

Alexus Bosco (finder)

Andrew Risorto (finder)

WPScan (coordinator)

References

wpscan.com/...rability/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d/ exploit

wpscan.com/...rability/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d/ exploit vdb-entry technical-description

cve.org (CVE-2025-5526)

nvd.nist.gov (CVE-2025-5526)
