Buddypress

This hub aggregates every CVE we track for Buddypress, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Buddypress.

• CVE-2026-53675BuddyPress 14.4.0 Friends List IDOR via REST API4.3Jun 9, 2026
• CVE-2026-53674BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution7.1Jun 9, 2026
• CVE-2026-53673BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter8.1Jun 9, 2026
• CVE-2020-37233WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting6.4May 16, 2026
• CVE-2024-11976BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution7.3Jan 23, 2026
• CVE-2025-62022WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability7.5Oct 22, 2025
• CVE-2025-23798WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability7.1Jan 22, 2025
• CVE-2024-10011BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal8.1Oct 25, 2024
• CVE-2024-4892BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting6.4Jun 12, 2024
• CVE-2024-3974BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting6.4May 9, 2024
• CVE-2023-50880WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS)6.5Dec 29, 2023
• CVE-2021-21389BuddyPress privilege escalation via REST API8.1Mar 26, 2021
• CVE-2020-5244Private data exposure via REST API in BuddyPress8.0Feb 24, 2020
• CVE-2014-1889The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.6.5Apr 10, 2018
• CVE-2017-6954An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper pe...4.3Mar 17, 2017