Vulnerabilities and security researches forbp-group-documents bp-group-documents
Direction: descendingJun 16, 2026
BP Group Documents # 6680bcfa-bc62-472f-8f56-22c84276297d
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation The BP Group Documents WordPress plugin was affected by a bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation security vulnerability.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 5063acc729c4a8181d4837a67fa533b9338c53d7
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2015
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 WordPress Group Documents Plugin <= 1.2 - Stored Cross Site Scripting This plugin is prone to a file uploading multiple parameter stored cross site scripting vulnerability. Update the plugin.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 98d70764-8d00-4faa-8b52-89a1c27dc69e
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS The BP Group Documents WordPress plugin was affected by a File Uploading Multiple Parameter Stored XSS security vulnerability.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 51acb6f4-f861-44b2-bf18-40ce0e63b92f
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS The BP Group Documents WordPress plugin was affected by a Document Upload Multiple Field Stored XSS security vulnerability.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 425352968b81906319c06e4b3aa737a7755b4ac1
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 19, 2014
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 WordPress BP Group Documents Plugin 1.2.1 - Multiple Vulnerabilities BP Group Documents plugin is prone to multiple vulnerabilities. 1. Stored XSS - “Display name” and “Description” fields are not escaped. It means that any tags can be stored in them. 2. Cross-site request forgery - the fields are vulnerable and an unauthenticated user can logged in user to edit any existing document. 3. Moving any file PHP user has access to in BP group documents. Upgrade to version 1.2.2.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 81ed5b68-f3ba-4ccc-bfbc-87cb99717cfe
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 Group Documents 1.2.1 - Document Property Manipulation CSRF The BP Group Documents WordPress plugin was affected by a Document Property Manipulation CSRF security vulnerability.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 8ec8215c1a2b307febdf8027a41f2752139e7f8e
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2015
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 WordPress Group Documents Plugin <= 1.2.1 - Remote Path Traversal This plugin is prone to a bp-group-documents-settings.php file parameter remote path traversal file location manipulation vulnerability. Upgrade the plugin.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 8809699fbfb571c11d6aeba64f1488cb6cf5c077
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2015
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 WordPress Group Documents Plugin <= 1.2.1 - Cross Site Request Forgery This plugin is prone to a document property manipulation cross site request forgery vulnerability. Update the plugin.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 4476cbd5ba1907a3b349820c91fb20162d80de10
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2015
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 WordPress Group Documents Plugin <= 1.2.1 - Stored Cross Site Scripting This plugin is prone to a cross site scripting vulnerability, because “Display name” and “Description” fields are not escaped. Update the plugin.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 017039dd2ef18af36cf0536621a9371c7af772c9
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 04, 2013
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2.1 - Path Traversal The Group Documents plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.2.1 via the bp-group-documents-settings.php file. This allows unauthenticated attackers to change the location of any file the compromised user has access to in the upload directories.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 976d9971f284e7e9d132cce6a128376d66572446
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 04, 2013
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2 - Stored Cross-Site Scripting The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # d73d2cac13c8f93aceb5b544916c5426088bf31c
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 04, 2013
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display name' and 'Description' fields in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
BP Group Documents # 9563d9b76db06a089526cd01b9c0bbc3a0578177
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 04, 2013
- Research Description
- BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2.1 - Cross-Site Request Forgery The BP Group Documents plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify any group document's name and description; the fields are also susceptible to XSS, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 1.2.2.
- Status
-
vulnerable
Jun 07, 2024
BP Group Documents # 8baef861c378b15eb8c204ede505bfadd5814db1
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 29, 2017
- Research Description
- BP Group Documents [bp-group-documents] < 1.11 WordPress BP Group Documents plugin <= 1.10 Authenticated Document Modification vulnerability WordPress BP Group Documents plugin Authenticated Document Modification vulnerability exists in the function do_post_logic(), in the file /include/templatetags.php. If user has a capability to edit one document, he also can edit all other documents. Update the plugin.
- Affected versions
-
max 1.11.
- Status
-
vulnerable