The BuddyPress WordPress plugin was affected by a Crafted bp_new_group_id Cookie Arbitrary Group Manipulation security vulnerability.
packetstormsecurity.com/files/125213/
vulners.com/exploitdb/EDB-ID:31571