Title: Security Vulnerability
Last modified: February 14, 2025

---

# Security Vulnerability

 *  Resolved [fkildoo](https://wordpress.org/support/users/fkildoo/)
 * (@fkildoo)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-167/)
 * Wordfence found the following issue with this plugin:
 * Missing Authorization to Authenticated (Subscriber+) Database Update
 * The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress
   is vulnerable to unauthorized modification of data due to a missing capability
   check on the basepress_db_posts_update() function in all versions up to, and 
   including, 2.16.3.3. This makes it possible for authenticated attackers, with
   Subscriber-level access and above, to update the database.
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-docs-21633-missing-authorization-to-authenticated-subscriber-database-update](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-docs-21633-missing-authorization-to-authenticated-subscriber-database-update)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [fkildoo](https://wordpress.org/support/users/fkildoo/)
 * (@fkildoo)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-167/#post-18306866)
 * Update: Now I see that the recent version of this plugin is 2.16.3.6. Interestingly,
   my site showed all plugins are up to date and the BasePress plugin is still at
   version 2.16.3.2. I did a force update check and still it would not show there
   is an update available. I was able to successfully update the plugin by installing
   it from an uploaded file.
 *  Plugin Author [BasePress](https://wordpress.org/support/users/codesavory/)
 * (@codesavory)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-167/#post-18307482)
 * As you may have noticed, this vulnerability is already addressed.
 * Anyone else reading this, please update to latest version version of this plugin
   and this should be resolved.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security Vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/basepress/assets/icon-256x256.gif?rev=2817400)
 * [Knowledge Base documentation & wiki plugin - BasePress Docs](https://wordpress.org/plugins/basepress/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/basepress/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/basepress/)
 * [Active Topics](https://wordpress.org/support/plugin/basepress/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/basepress/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/basepress/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [BasePress](https://wordpress.org/support/users/codesavory/)
 * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-167/#post-18307482)
 * Status: resolved