buddypress

Top products

The 15 most recently published vulnerabilities affecting buddypress.

• CVE-2026-53675BuddyPress 14.4.0 Friends List IDOR via REST API4.3Jun 9, 2026
• CVE-2026-53674BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution7.1Jun 9, 2026
• CVE-2026-53673BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter8.1Jun 9, 2026
• CVE-2024-11976BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution7.3Jan 23, 2026
• CVE-2025-62022WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability7.5Oct 22, 2025
• CVE-2025-23798WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability7.1Jan 22, 2025
• CVE-2024-10011BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal8.1Oct 25, 2024
• CVE-2024-4892BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting6.4Jun 12, 2024
• CVE-2024-3974BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting6.4May 9, 2024
• CVE-2023-50880WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS)6.5Dec 29, 2023
• CVE-2021-21389BuddyPress privilege escalation via REST API8.1Mar 26, 2021
• CVE-2020-5244Private data exposure via REST API in BuddyPress8.0Feb 24, 2020
• CVE-2014-1889The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.6.5Apr 10, 2018
• CVE-2017-6954An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper pe...4.3Mar 17, 2017
• CVE-2014-1888Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/cr...4.3Feb 28, 2014