VYPR

Groups

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-0549MedFeb 19, 2026
    risk 0.42cvss 6.4epss 0.00

    The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2025-11748MedNov 8, 2025
    risk 0.28cvss 4.3epss 0.00

    The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'group_id' parameter of the group_join function due to missing validation on a user controlled key. This makes it possible for authenticated…