cleantalk
Vulnerabilities and Security Researches

BP Group Documents, d73d2cac13c8f93aceb5b544916c5426088bf31c

CVE, Research URL

d73d2cac13c8f93aceb5b544916c5426088bf31c

Home page URL

Security reports for BP Group Documents

Application

BP Group Documents

Published on
Oct 04, 2013
Research Description
BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display name' and 'Description' fields in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.2.
Status
vulnerable
Previous vulnerability researches
BP Group Documents (8baef861c378b15eb8c204ede505bfadd5814db1) , Jun 07, 2024
BP Group Documents (6680bcfa-bc62-472f-8f56-22c84276297d) , Jun 16, 2026
BP Group Documents (5063acc729c4a8181d4837a67fa533b9338c53d7) , Jun 16, 2026
BP Group Documents (98d70764-8d00-4faa-8b52-89a1c27dc69e) , Jun 16, 2026
BP Group Documents (51acb6f4-f861-44b2-bf18-40ce0e63b92f) , Jun 16, 2026
New vulnerability
Booking Package (e7eb5243d3af9fd38973f7d59bebc6d698472b0b) , Jun 16, 2026
WP Simple Spreadsheet Fetcher for Google (f8fce47113e556ee0530bb8582de7956f1271b31) , Jun 16, 2026
WP Simple Spreadsheet Fetcher for Google (f224ff37-4126-49bc-b432-0d1e177abec8) , Jun 16, 2026
Team Showcase (6b13bc31f18e37d9599254d9ab05927592e1f19f) , Jun 16, 2026
Team Showcase (5b6a6c2a49333beeedb438830a1e82e7ac78d8e6) , Jun 16, 2026