10 matches found
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability
Authenticated Subscriber+ Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions = 1.9.3...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
EUVD-2026-21658
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2026-5144
The CVE-2026-5144 entry describes a Privilege Escalation in the BuddyPress Groupblog WordPress plugin up to version 1.9.3. The root cause is that the group blog settings handler accepts groupblog-blogid, default-member, and groupblog-silent-add from user input without proper authorization checks,...
WordPress plugin BuddyPress Groupblog 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-32089
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...