BuddyPress 9.1.1 Security and Maintenance Release
Published on August 18th, 2021 by Mathieu Viet
BuddyPress 9.1.1 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 9.1.1 release addresses three security issues: The activation key was included in the responses of the create_item method of BP REST API Signup controller. Discovered by Brajesh Singh. An SQL Injection […]
BuddyPress 7.3.0 Maintenance & Security Release
Published on April 14th, 2021 by Mathieu Viet
BuddyPress 7.3.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 7.3.0 release addresses four security issues: A vulnerability was fixed that could allow a member to create a group on behalf of another member via a REST API endpoint. A vulnerability […]
BuddyPress 7.2.1 Security Release
Published on March 16th, 2021 by Mathieu Viet
BuddyPress 7.2.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 7.2.1 release addresses 5 security issues which were reported privately to the BuddyPress team by Kien Hoang, in accordance with WordPress’s security policies: A vulnerability was fixed that could allow a privilege escalation from […]
BuddyPress 6.4.0 Maintenance and Security Release
Published on November 27th, 2020 by Mathieu Viet
BuddyPress 6.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 6.4.0 release addresses one security issue: non-capable users could add style attributes to “span” and “p” elements in possible rich text fields of their profile page. The vulnerability has been […]
BuddyPress 5.1.2 Security Release
Published on January 3rd, 2020 by Boone Gorges
BuddyPress 5.1.2 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.2 release addresses one security issue: Certain REST API requests could result in the exposure of private data. Discovered and reported independently by Petter Walbø Johnsgård and Jacek Suski. The vulnerability was […]
BuddyPress 5.1.1 Security Release
Published on December 23rd, 2019 by Mathieu Viet
BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.1 release addresses one security issue: A denial of service was fixed that could allow a logged-in user to remove another user’s avatar and also any empty folder. Discovered by nomnom. […]
BuddyPress 2.9.3 Security and Maintenance Release
Published on January 26th, 2018 by Boone Gorges
BuddyPress 2.9.3 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.3 release addresses two security issues: A dynamic template loading feature could be used in some cases for unauthorized file execution and directory traversal. Reported by James Golovich. Some permissions […]
BuddyPress 2.9.2 Security and Maintenance Release
Published on November 2nd, 2017 by Boone Gorges
BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.2 release addresses five security issues: A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported […]
BuddyPress 2.7.4 – Security Release
Published on December 23rd, 2016 by John James Jacoby
BuddyPress 2.7.4 is now available, and is a security release & recommended upgrade for all BuddyPress installations. We’ve also ported the code changes in 2.7.4 to all branches back to 2.0, and are pushing updates out for all installations where we are able to do so. These releases include a fix to the BuddyPress core attachments API that could allow […]
BuddyPress 2.4.2
Published on December 3rd, 2015 by Paul Gibbs
BuddyPress 2.4.2 is now available. This is a maintenance and security release, and all BuddyPress installations are recommended to upgrade as soon as possible. An XSS vulnerability in the Groups component was discovered, which affected the Groups administration screen inside the wp-admin area. We thank Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue to the […]