Groups

Vulnerabilities 4Slug groupsLatest version 4.2.0WordPress.org →

Minimum safe version

3.11.0

Update to 3.11.0 or later to address 4 fixable vulnerabilities

Latest available4.2.0
N/A
2026-02-18< 3.11.0

Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode

WordfenceCVE
Medium 4.3
2025-11-10< 3.8.0

WordPress Groups Plugin <= 6.7.0 is vulnerable to Insecure Direct Object References (IDOR)

PatchstackCVEWordfence
N/A
< 1.4.6

Groups 1.4.5 - Negated Role Capability H&amp;ling Elevated Privilege Issue

WPScan
N/A
2014-08-01< 1.4.6

WordPress Groups Plugin <= 1.4.5 -

Patchstack