DRUPAL-CONTRIB-2026-001

This module enables allows group managers to invite people into their group. The module doesn't sufficiently check access under certain circumstances, allowing unauthorized users to access the group's content. This vulnerability is mitigated by the fact that it only occurs when certain uncommon...

Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

This module enables allows group managers to invite people into their group. The module doesn't sufficiently check access under certain circumstances, allowing unauthorized users to access the group's content. This vulnerability is mitigated by the fact that it only occurs when certain uncommon...

CVE-2024-2232

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

WordPress: Add users to groups who have restricted group invites

Description: WordPress version: 5.2 BuddyPress version: 4.2.0 Through this vulnerability, an attacker could add users to groups who have set : I want to restrict Group invites to my friends only. There is no proper validation of the personal settings of the user and thus the users with such priva...