29 Mar 2017

Authenticated Document Modification Vulnerability in BP Group Documents

One of the changelog entries for version 1.10 of the plugin BP Group Documents is “Security fixes”. Looking at the changes made in that version, there is code added that checks whether a user has permission to edit a document before allowing additional code to run. That seemed very similar to a change made in another BuddyPress plugin, BuddyPress Docs, that we detailed last week, and at first we thought the same issue had been fixed in this plugin. But upon a closer look we found that the change was to code that did something else, and the issue of a user being able to edit documents they shouldn’t be able to still existed in the current version of this plugin. We notified the developer and less than a day later version 1.11 was released, which fixes the vulnerability.

As of version 1.10, in the function do_post_logic() in the file /include/templatetags.php, the only check done before saving changes to a document is whether a valid nonce, which prevents cross-site request forgery (CSRF), is included with the request:
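To show the distinction the post is drawing, here is an added illustration (not code from BP Group Documents or its 1.11 fix) of a save handler that only verifies a nonce beside one that also checks authorization. It assumes WordPress with BuddyPress loaded, a document record with `user_id` and `group_id` fields, and hypothetical helpers `get_document()`, `update_document()` and `bp_group_documents_user_can_edit()`; the nonce action name is also made up.

```php
<?php
// Added illustration, not the plugin's own code. Runs inside WordPress with
// BuddyPress active; get_document(), update_document() and the nonce action
// 'bp_group_document_save' are assumptions for this example.

// The pattern described above: a nonce proves the request was not forged
// from another site, but says nothing about whether this user may edit.
function vulnerable_save_document( array $request ) {
    if ( ! wp_verify_nonce( $request['_wpnonce'], 'bp_group_document_save' ) ) {
        return false; // CSRF protection only
    }
    // Any logged-in user who can obtain a nonce reaches this point and can
    // overwrite a document that belongs to someone else.
    return update_document( (int) $request['id'], $request );
}

// Hypothetical authorization helper: the owner, a moderator or admin of the
// document's group, or a user with BuddyPress' bp_moderate capability.
function bp_group_documents_user_can_edit( object $document, int $user_id ): bool {
    if ( (int) $document->user_id === $user_id ) {
        return true;
    }
    $group_id = (int) $document->group_id;
    if ( groups_is_user_mod( $user_id, $group_id ) || groups_is_user_admin( $user_id, $group_id ) ) {
        return true;
    }
    return user_can( $user_id, 'bp_moderate' );
}

// Hardened form: keep the nonce check (CSRF) and add the permission check
// (authorization) on the specific document being modified.
function hardened_save_document( array $request ) {
    if ( ! wp_verify_nonce( $request['_wpnonce'], 'bp_group_document_save' ) ) {
        return false;
    }
    $document = get_document( (int) $request['id'] ); // assumed loader
    if ( ! $document || ! bp_group_documents_user_can_edit( $document, get_current_user_id() ) ) {
        wp_die( __( 'You do not have permission to edit this document.' ), '', array( 'response' => 403 ) );
    }
    return update_document( (int) $document->id, $request );
}
```

The load-then-authorize order matters: the decision has to be made against the document the request names, not against a generic "can this user edit documents" capability.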