cleantalk
Vulnerabilities and Security Researches

BP Group Documents, 9563d9b76db06a089526cd01b9c0bbc3a0578177

Application

BP Group Documents

Published on
Oct 04, 2013
Research Description
BP Group Documents [bp-group-documents] < 1.2.2

BP Group Documents <= 1.2.1 - Cross-Site Request Forgery

The BP Group Documents plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify any group document's name and description via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. The name and description fields are also susceptible to XSS.
Affected versions
max 1.2.2.
Status
vulnerable