cleantalk
Vulnerabilities and Security Researches

BP Group Documents, 976d9971f284e7e9d132cce6a128376d66572446

CVE, Research URL

976d9971f284e7e9d132cce6a128376d66572446

Home page URL

Security reports for BP Group Documents

Application

BP Group Documents

Published on
Oct 04, 2013
Research Description
BP Group Documents [bp-group-documents] < 1.2.2 BP Group Documents <= 1.2 - Stored Cross-Site Scripting The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.2.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
Short URL (49c452abea504abdd9ab5237225200824ba8be46) , Jun 16, 2026
Short URL (0a89fedcc5909ba9b39e490c8b4697c5ce4acc52) , Jun 16, 2026
10Web Booster &#8211; Website speed optimization, Cache &amp; Page Speed optimizer (fc200a6e9c12da568e368ba326276d36c052bd46) , Jun 16, 2026
10Web Booster &#8211; Website speed optimization, Cache &amp; Page Speed optimizer (a5844136834f85b2f395ec698651bb0c6473b351) , Jun 16, 2026
10Web Booster &#8211; Website speed optimization, Cache &amp; Page Speed optimizer (182b53a19005ff35d62bd24481e57e153c925f15) , Jun 16, 2026