Medium severity6.5NVD Advisory· Published Apr 10, 2018· Updated Jun 17, 2026
CVE-2014-1889
CVE-2014-1889
Description
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
Affected products
2<1.9.2+ 1 more
- (no CPE)range: <1.9.2
- (no CPE)range: <1.9.2
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/archive/1/531050/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/65554nvdThird Party AdvisoryVDB Entry
- buddypress.org/2014/02/buddypress-1-9-2/nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/91261nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.