CVE-2014-1889

Name of the Vulnerable Software and Affected Versions Buddypress plugin versions prior to 1.9.2

Description The issue concerns a missing permissions check in the group creation process of the Buddypress plugin, allowing remote authenticated users to gain control of arbitrary groups.

Recommendations For versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.