BuddyPress 11.3.2 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible.
The 11.3.2 release addresses the following security issue:
- A Potential Cross Site Scripting using Members/Groups block props by a user having a contributor role vulnerability. Discovered by Rafie Muhammad (Patchstack).
This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
For complete details, visit the 11.3.2 changelog.
If for a specific reason you can’t upgrade to 11.3.2, we have also ported the security fix to BuddyPress versions going all the way back to 7.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:
- If you are using BP 7.x and can’t upgrade to 11.3.1, please upgrade to 7.3.4
- If you are using BP 8.x and can’t upgrade to 11.3.1, please upgrade to 8.0.4
- If you are using BP 9.x and can’t upgrade to 11.3.1, please upgrade to 9.2.2
- If you are using BP 10.x and can’t upgrade to 11.3.1, please upgrade to 10.6.2