cleantalk
Vulnerabilities and Security Researches

BuddyPress, CVE-2014-1888

CVE, Research URL

CVE-2014-1888

Home page URL

Security reports for BuddyPress

Application

BuddyPress

Published on
Mar 01, 2014
Research Description
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.
Affected versions
max 1.9.2.
Status
vulnerable
Previous vulnerability researches
AI Moderator for BuddyPress (c5199662169f8022d0a0bdb6a709c2dd4e56fd11) , Jun 07, 2024
Buddypress Humanity (CVE-2025-31033) , Apr 11, 2025
BuddyPress xProfile Checkout Manager for WooCommerce (a5d9f295a711e0878315c783d59b7a1edfa94bbf) , Jun 07, 2024
Wbcom Designs – BuddyPress Group Reviews (CVE-2022-2108) , Jun 06, 2024
Wbcom Designs – BuddyPress Group Reviews (dc16c7b0b542f8afa7dafd55e2f68f72e9f422be) , Jun 06, 2024
New vulnerability
WP Links Page (CVE-2025-10175) , Nov 10, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-62884) , Nov 10, 2025
Fix Multiple Redirects (CVE-2025-48092) , Nov 10, 2025
Photospace Responsive Gallery (CVE-2025-62899) , Nov 10, 2025
Grid Plus – Unlimited grid layout (CVE-2025-53352) , Nov 10, 2025