Privilege escalation in Boonebgorges Buddypress Groupblog
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupb…
Vulnerability class: Privilege Escalation
EPSS: 0.000 (8.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Boonebgorges Buddypress Groupblog — versions 0
Weakness classification (CWE)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/8129046a-5aa5-4644-babc-0eca9…
- plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php
- plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php
- plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php
- plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php
- plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php
- plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php
- github.com/boonebgorges/bp-groupblog/commit/b824593add9e2c53ef4f0d2e0824d4de078…
Frequently asked questions
- What is CVE-2026-5144?
- CVE-2026-5144 is a high-severity vulnerability in Boonebgorges Buddypress Groupblog, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2026-04-11.
- How severe is CVE-2026-5144?
- High severity. CVSS v3 base score is 8.8 out of 10.