BuddyPress 14.4.0, 12.6.0 & 11.5.1 Maintenance and Security Releases · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Comments; Respond; Top; Previous Post; Bottom

BuddyPress 14.4.0, 12.6.0 & 11.5.1 Maintenance and Security Releases

Published on September 24th, 2025 by David Cavins

BuddyPress 14.4.0, BuddyPress 12.6.0, and BuddyPress 11.5.1 are all now available. This is a security release. Please update as soon as possible.

14.4.0, 12.6.0 & 11.5.1 fixed one bug and one security issue:

The BP REST API signups endpoint could leak signup data, including user email addresses, because of a too-lenient lookup function. Thanks to Asim Alshaya for responsibly reporting this issue.
Improve behavior of bp_email_unsubscribe_handler(). After the changes in the “Improve security of status update messages” changeset, non-logged-in users clicking an unsubscribe link received no feedback on the success of their action.

For complete details, visit the 14.4.0 changelog.

Many thanks to our 14.4.0 contributors

emaralive, jjj, r-a-y, vapvarun, and dcavins.

There are no comments to display