BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 5.1.1 release addresses one security issue:

  • A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom.

Thi vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

For complete details, visit the 5.1.1 changelog.

Update to BuddyPress 5.1.1 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.