BuddyPress 2.3.2 is now available. This is an important maintainance and security release for the 2.3 series, and all BuddyPress installations are recommended to upgrade as soon as possible.

BuddyPress 2.3.0 introduced a vulnerability that could allow an unauthenticated user to view the subject lines of a BP user’s private messages by manipulating an AJAX request. This vulnerability was reported by Mike Saunders. The BuddyPress team independently discovered and fixed a related vulnerability that could allow an authenticated user to view the subject lines of a different user’s private messages, also by manipulating an AJAX request.

This release also includes fixes for four bugs introduced in the 2.3 series.

Update to BuddyPress 2.3.2 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.

Questions or comments? Check out 2.3.2 changelog, or stop by our support forums or Trac.