BuddyPress 5.1.2 Security Release
Published on January 3rd, 2020 by Boone Gorges
BuddyPress 5.1.2 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.2 release addresses one security issue: Certain REST API requests could result in the exposure of private data. Discovered and reported independently by Petter Walbø Johnsgård and Jacek Suski. The vulnerability was […]
BuddyPress 5.1.1 Security Release
Published on December 23rd, 2019 by Mathieu Viet
BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.1 release addresses one security issue: A denial of service was fixed that could allow a logged-in user to remove another user’s avatar and also any empty folder. Discovered by nomnom. […]
BuddyPress 2.9.3 Security and Maintenance Release
Published on January 26th, 2018 by Boone Gorges
BuddyPress 2.9.3 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.3 release addresses two security issues: A dynamic template loading feature could be used in some cases for unauthorized file execution and directory traversal. Reported by James Golovich. Some permissions […]
BuddyPress 2.9.2 Security and Maintenance Release
Published on November 2nd, 2017 by Boone Gorges
BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.2 release addresses five security issues: A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported […]
BuddyPress 2.7.4 – Security Release
Published on December 23rd, 2016 by John James Jacoby
BuddyPress 2.7.4 is now available, and is a security release & recommended upgrade for all BuddyPress installations. We’ve also ported the code changes in 2.7.4 to all branches back to 2.0, and are pushing updates out for all installations where we are able to do so. These releases include a fix to the BuddyPress core attachments API that could allow […]
BuddyPress 2.4.2
Published on December 3rd, 2015 by Paul Gibbs
BuddyPress 2.4.2 is now available. This is a maintenance and security release, and all BuddyPress installations are recommended to upgrade as soon as possible. An XSS vulnerability in the Groups component was discovered, which affected the Groups administration screen inside the wp-admin area. We thank Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue to the […]
BuddyPress 2.3.5
Published on November 11th, 2015 by Boone Gorges
BuddyPress 2.3.5 is now available. This is a security release for all previous versions. All BuddyPress installations are strongly encouraged to upgrade immediately. BuddyPress versions 2.3.4 and earlier are subject to a vulnerability that may allow privilege escalation for logged-in users. We have no evidence that this bug has ever been exploited in the wild, […]
BuddyPress 1.7.3
Published on July 10th, 2013 by Boone Gorges
BuddyPress 1.7.3 is now available. This is a security and maintenance release, and we urge all installations running BP 1.5 or later to upgrade immediately. Version 1.7.3 includes fixes for the following: a cross-site scripting vulnerability in the way that success/error messages are stored and then displayed; a bug that caused Set-Cookie headers to be […]
BuddyPress Updated to 1.1.2
Published on October 26th, 2009 by Andy Peatling
BuddyPress 1.1.2 is now available via an automatic upgrade or manual download. This is an important security release and fixes two vulnerabilities found in version 1.1.1. To stay protected it is essential that you upgrade to this version of BuddyPress regardless of the version you are currently running. For a full list of fixes and […]