Published: 10/04/2018 Updated: 26/04/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

The Group creation process in the Buddypress plugin prior to 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

Vulnerable Product	Search on Vulmon	Subscribe to Product
buddypress buddypress

# Exploit Title: Wordpress plugin Buddypress <= 191 privilege escalation # Date: 11/02/2014 # Exploit Author: Pietro Oliva # Vendor Homepage: buddypressorg # Software Link: downloadswordpressorg/plugin/buddypress191zip # Version: 191 # CVE : [CVE-2014-1889] # Vulnerability patched in version 192 it is possible to perf ...

WordPress Buddypress plugin versions 191 and below suffer from a privilege escalation vulnerability ...

CWE-264 https://exchange.xforce.ibmcloud.com/vulnerabilities/91261 https://buddypress.org/2014/02/buddypress-1-9-2/http://www.securityfocus.com/bid/65554 http://www.securityfocus.com/archive/1/531050/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31571/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1889

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect