WordPress · Buddypress Docs · CVE-2025-5526
Name of the Vulnerable Software and Affected Versions:
BuddyPress Docs WordPress plugin version 2.2.4 and earlier
Description:
The issue is related to inadequate access controls in the BuddyPress Docs WordPress plugin, allowing a logged-in user to view and download files belonging to another user.
Recommendations:
For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue.